Provided by: util-vserver_0.30.216-pre2864-2ubuntu1_amd64 bug

NAME

       reducecap - The reducecap utility is used to lower the capability ceiling of a process and
       child process.

SYNTAX

       reducecap [options] <command arguments>

DESCRIPTION

       The reducecap utility is used to lower the capability  ceiling  of  a  process  and  child
       process. Even setuid program won't be able to grab more capabilities.

OPTIONS

       --secure  Removes  all  dangerous  capabilities  from  the  process executed.Specificly it
       removes:
              CAP_LINUX_IMMUTABLE  CAP_NET_BROADCAST  CAP_NET_ADMIN,   CAP_NET_RAW   CAP_IPC_LOCK
              CAP_IPC_OWNER CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT
              CAP_SYS_NICE CAP_SYS_RESOURCE CAP_SYS_TIME CAP_MKNOD.

              Leaving the following capabilities: CAP_CHOWN CAP_DAC_OVERRIDE  CAP_DAC_READ_SEARCH
              CAP_FOWNER   CAP_FSETID   CAP_KILL   CAP_SETGID   CAP_SETUID   CAP_NET_BIND_SERVICE
              CAP_SYS_CHROOT CAP_SYS_PTRACE CAP_SYS_TTY_CONFIG CAP_LEASE CAP_QUOTACTL

       --show Shows the current process capabilities.

       --flag sets the security context flags. The option may be repeated several times. Here are
              the values:

              lock:  The security context can't be changed. The process is trapped        in this
              context. This is generally used for vservers because yoy        do not want them to
              hide in new security context.

              sched:  Each  process  in  a  security  context  contribute  (lower) to the general
                   priority of every processes in the context. Mostly, all  processes       in  a
              security  context  take  as much CPU together as one process      not bound to this
              flag. Said again differently, a vserver having      100 active processes won't  get
              more CPU than another vserver      with a single active process.

              nproc:  The  "ulimit -u N" setting becomes global to the security context. It means
                   the security context is not allowed to have more than N processes.

              private: No other processes, even  root  in  security  context  0,  is  allowed  to
                   enter  this  security context. Once a security context is setup      with this
              flag, it is on its own. This also means that root      in security context 0  won't
              be able to kill or interact with those      processes.

              hideinfo: Hides various information in /proc.

       --LINUX_IMMUTABLE

       --NET_BIND_SERVICE

       --NET_BROADCAST

       --NET_ADMIN

       --NET_RAW

       --IPC_LOCK

       --IPC_OWNER

       --SYS_MODULE

       --SYS_RAWIO

       --SYS_PACCT

       --SYS_ADMIN

       --SYS_BOOT

       --SYS_NICE

       --SYS_RESOURCE

       --SYS_TIME

       --MKNOD

              All  these  options  remove  one  capability.  These  options may be used after the
              --secure option to remove more capabilities.

FILES

       /usr/sbin/reducecap

EXAMPLES

       # You are not root now # What is the current capability ceiling  cat  /proc/self/status  #
       The   capBset   line   presents  mostly  1s.   /usr/sbin/reducecap  --secure  /bin/sh  cat
       /proc/self/status # The capBset now shows many more 0s.  # The capEff shows  all  0s,  you
       have  no  privilege  now  # We su to root su cat /proc/self/status # capEff is much better
       now, but there are still many 0s #  Now  we  try  to  see  if  we  are  really  root  tail
       /var/log/messages  # So far so good, we see the content /sbin/ifconfig eth0 /sbin/ifconfig
       eth0 down # No way, we can't configure  the  interface.  In  fact  #  we  have  lost  most
       privilege normally assigned to root exit

       Please contribute some more, if you feel it's important.

AUTHORS

       This  Man page was written by Klavs Klavsen <kl@vsen.dk> and based upon the helpful output
       from  the  program  itself  and   the   documentation   on   the   Virtual   Server   site
       <http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0>

SEE ALSO

       chcontext(8)  rebootmgr(8)  chbind(8) vps(8) vpstree(8) vrpm(8) vserver(8) vserver-stat(8)
       vtop(8)