sargun@ubuntu:~$ hostname foo
hostname: you must be root to change the host name
Sargun Dhillon sargun
sargun
/ hostname2.md
Created
August 27, 2021 03:45
sargun
/ unshare.md
Created
August 27, 2021 03:44
sargun
/ hostname.md
Created
August 27, 2021 03:44
sargun@ubuntu:~$ getcap $(which ping)
/bin/ping = cap_net_raw+ep
sargun
/ hostname.md
Created
August 27, 2021 03:43
sargun@ubuntu:~$ hostname foo
hostname: you must be root to change the host namesargun@ubuntu:~$ cat /proc/self/status |grep Cap
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
sargun
/ test.console
Created
August 27, 2021 03:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sargun@ubuntu:~$ unshare -U --map-root-user | |
| root@ubuntu:~# id | |
| uid=0(root) gid=0(root) groups=0(root),65534(nogroup) | |
| root@ubuntu:~# cat /proc/self/status |grep Cap | |
| CapInh: 0000000000000000 | |
| CapPrm: 000001ffffffffff | |
| CapEff: 000001ffffffffff | |
| CapBnd: 000001ffffffffff | |
| CapAmb: 0000000000000000 |
sargun@ubuntu:~$ unshare -U --map-root-user
root@ubuntu:~# id
uid=0(root) gid=0(root) groups=0(root),65534(nogroup)
root@ubuntu:~# cat /proc/self/status |grep Cap
CapInh: 0000000000000000
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| struct uts_namespace { | |
| struct kref kref; | |
| struct new_utsname name; | |
| struct user_namespace *user_ns; | |
| struct ucounts *ucounts; | |
| struct ns_common ns; | |
| } __randomize_layout; |
sargun
/ capability.c
Created
August 27, 2021 03:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * capable - Determine if the current task has a superior capability in effect | |
| * @cap: The capability to be tested for | |
| * | |
| * Return true if the current task has the given superior capability currently | |
| * available for use, false if not. | |
| * | |
| * This sets PF_SUPERPRIV on the task if the capability is available on the | |
| * assumption that it's about to be used. | |
| */ |
sargun
/ trusted_tpm1.c
Created
August 27, 2021 03:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Lock a trusted key, by extending a selected PCR. | |
| * | |
| * Prevents a trusted key that is sealed to PCRs from being accessed. | |
| * This uses the tpm driver's extend function. | |
| */ | |
| static int pcrlock(const int pcrnum) | |
| { | |
| if (!capable(CAP_SYS_ADMIN)) | |
| return -EPERM; |