Provided by: util-vserver_0.30.210-6_i386 bug

NAME

       reducecap  -  The  reducecap  utility  is  used to lower the capability
       ceiling of a process and child process.

SYNTAX

       reducecap [options] <command arguments>

DESCRIPTION

       The reducecap utility is used to lower  the  capability  ceiling  of  a
       process  and  child  process. Even setuid program won’t be able to grab
       more capabilities.

OPTIONS

       --secure  Removes  all  dangerous   capabilities   from   the   process
       executed.Specificly it removes:
              CAP_LINUX_IMMUTABLE CAP_NET_BROADCAST CAP_NET_ADMIN, CAP_NET_RAW
              CAP_IPC_LOCK    CAP_IPC_OWNER    CAP_SYS_MODULE    CAP_SYS_RAWIO
              CAP_SYS_PACCT    CAP_SYS_ADMIN     CAP_SYS_BOOT     CAP_SYS_NICE
              CAP_SYS_RESOURCE CAP_SYS_TIME CAP_MKNOD.

              Leaving  the  following capabilities: CAP_CHOWN CAP_DAC_OVERRIDE
              CAP_DAC_READ_SEARCH CAP_FOWNER  CAP_FSETID  CAP_KILL  CAP_SETGID
              CAP_SETUID  CAP_NET_BIND_SERVICE  CAP_SYS_CHROOT  CAP_SYS_PTRACE
              CAP_SYS_TTY_CONFIG CAP_LEASE CAP_QUOTACTL

       --show Shows the current process capabilities.

       --flag sets the security context flags.  The  option  may  be  repeated
              several times. Here are the values:

              lock:  The  security  context  can’t  be changed. The process is
              trapped        in this  context.  This  is  generally  used  for
              vservers  because  yoy          do  not want them to hide in new
              security context.

              sched: Each process in a security context contribute (lower)  to
              the  general       priority  of  every processes in the context.
              Mostly, all processes      in a security context  take  as  much
              CPU  together  as  one process      not bound to this flag. Said
              again differently, a vserver having       100  active  processes
              won’t  get  more  CPU  than  another  vserver      with a single
              active process.

              nproc: The "ulimit -u N" setting becomes global to the  security
              context.  It  means       the security context is not allowed to
              have more than N processes.

              private: No other processes, even root in security context 0, is
              allowed  to       enter  this  security context. Once a security
              context is setup      with this flag, it is  on  its  own.  This
              also means that root      in security context 0 won’t be able to
              kill or interact with those      processes.

              hideinfo: Hides various information in /proc.

       --LINUX_IMMUTABLE

       --NET_BIND_SERVICE

       --NET_BROADCAST

       --NET_ADMIN

       --NET_RAW

       --IPC_LOCK

       --IPC_OWNER

       --SYS_MODULE

       --SYS_RAWIO

       --SYS_PACCT

       --SYS_ADMIN

       --SYS_BOOT

       --SYS_NICE

       --SYS_RESOURCE

       --SYS_TIME

       --MKNOD

              All these options remove one capability. These  options  may  be
              used after the --secure option to remove more capabilities.

FILES

       /usr/sbin/reducecap

EXAMPLES

       #  You  are  not  root now # What is the current capability ceiling cat
       /proc/self/status   #   The   capBset   line   presents   mostly    1s.
       /usr/sbin/reducecap   --secure  /bin/sh  cat  /proc/self/status  #  The
       capBset now shows many more 0s.  # The capEff shows all 0s, you have no
       privilege now # We su to root su cat /proc/self/status # capEff is much
       better now, but there are still many 0s # Now we try to see if  we  are
       really root tail /var/log/messages # So far so good, we see the content
       /sbin/ifconfig eth0  /sbin/ifconfig  eth0  down  #  No  way,  we  can’t
       configure the interface. In fact # we have lost most privilege normally
       assigned to root exit

       Please contribute some more, if you feel it’s important.

AUTHORS

       This Man page was written by Klavs Klavsen <kl@vsen.dk> and based  upon
       the helpful output from the program itself and the documentation on the
       Virtual                           Server                           site
       <http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0>

SEE ALSO

       chcontext(8)   rebootmgr(8)   chbind(8)   vps(8)   vpstree(8)   vrpm(8)
       vserver(8) vserver-stat(8) vtop(8)