chapter06/libcap.xml

   1 <?xml version="1.0" encoding="ISO-8859-1"?>
   2 <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   3   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
   4   <!ENTITY % general-entities SYSTEM "../general.ent">
   5   %general-entities;
   6 ]>
   7
   8 <sect1 id="ch-system-libcap" role="wrap">
   9   <?dbhtml filename="libcap.html"?>
  10
  11   <sect1info condition="script">
  12     <productname>libcap</productname>
  13     <productnumber>&libcap-version;</productnumber>
  14     <address>&libcap-url;</address>
  15   </sect1info>
  16
  17   <title>Libcap-&libcap-version;</title>
  18
  19   <indexterm zone="ch-system-libcap">
  20     <primary sortas="a-Libcap">Libcap</primary>
  21   </indexterm>
  22
  23   <sect2 role="package">
  24     <title/>
  25
  26     <para>The Libcap package implements the user-space interfaces to the POSIX
  27     1003.1e capabilities available in Linux kernels. These capabilities are a
  28     partitioning of the all powerful root privilege into a set of distinct
  29     privileges.</para>
  30
  31     <segmentedlist>
  32       <segtitle>&buildtime;</segtitle>
  33       <segtitle>&diskspace;</segtitle>
  34
  35       <seglistitem>
  36         <seg>&libcap-ch6-sbu;</seg>
  37         <seg>&libcap-ch6-du;</seg>
  38       </seglistitem>
  39     </segmentedlist>
  40
  41   </sect2>
  42
  43   <sect2 role="installation">
  44     <title>Installation of Libcap</title>
  45
  46     <para>Prevent a static library from being installed:</para>
  47
  48 <screen><userinput remap="pre">sed -i '/install.*STALIBNAME/d' libcap/Makefile</userinput></screen>
  49
  50     <para>Compile the package:</para>
  51
  52 <screen><userinput remap="make">make</userinput></screen>
  53
  54     <para>This package does not come with a test suite.</para>
  55
  56     <para>Install the package:</para>
  57
  58 <screen><userinput remap="install">make RAISE_SETFCAP=no lib=lib prefix=/usr install
  59 chmod -v 755 /usr/lib/libcap.so</userinput></screen>
  60
  61     <variablelist>
  62       <title>The meaning of the make option:</title>
  63
  64       <varlistentry>
  65         <term><parameter>RAISE_SETFCAP=no</parameter></term>
  66         <listitem>
  67           <para>This parameter skips trying to use <command>setcap</command>
  68           on itself. This avoids an installation error if the kernel or file
  69           system does not support extended capabilities.</para>
  70         </listitem>
  71       </varlistentry>
  72
  73       <varlistentry>
  74         <term><parameter>lib=lib</parameter></term>
  75         <listitem>
  76           <para>This parameter installs the library in
  77           <filename>$prefix/lib</filename> rather than
  78           <filename>$prefix/lib64</filename> on x86_64. It has no effect on
  79           x86.</para>
  80         </listitem>
  81       </varlistentry>
  82
  83     </variablelist>
  84
  85     <para>The shared library needs to be moved to
  86     <filename class="directory">/lib</filename>, and as a result the
  87     <filename class="extension">.so</filename> file in
  88     <filename class="directory">/usr/lib</filename> will need to be recreated:</para>
  89
  90 <screen><userinput remap="install">mv -v /usr/lib/libcap.so.* /lib
  91 ln -sfv ../../lib/$(readlink /usr/lib/libcap.so) /usr/lib/libcap.so</userinput></screen>
  92
  93   </sect2>
  94
  95   <sect2 id="contents-libcap" role="content">
  96     <title>Contents of Libcap</title>
  97
  98     <segmentedlist>
  99       <segtitle>Installed programs</segtitle>
 100       <segtitle>Installed library</segtitle>
 101
 102       <seglistitem>
 103         <seg>capsh, getcap, getpcaps, and setcap</seg>
 104         <seg>libcap.so</seg>
 105       </seglistitem>
 106     </segmentedlist>
 107
 108     <variablelist>
 109       <bridgehead renderas="sect3">Short Descriptions</bridgehead>
 110       <?dbfo list-presentation="list"?>
 111       <?dbhtml list-presentation="table"?>
 112
 113       <varlistentry id="capsh">
 114         <term><command>capsh</command></term>
 115         <listitem>
 116           <para>A shell wrapper to explore and constrain capability support</para>
 117           <indexterm zone="ch-system-libcap capsh">
 118             <primary sortas="b-capsh">capsh</primary>
 119           </indexterm>
 120         </listitem>
 121       </varlistentry>
 122
 123       <varlistentry id="getcap">
 124         <term><command>getcap</command></term>
 125         <listitem>
 126           <para>Examines file capabilities</para>
 127           <indexterm zone="ch-system-libcap getcap">
 128             <primary sortas="b-getcap">getcap</primary>
 129           </indexterm>
 130         </listitem>
 131       </varlistentry>
 132
 133       <varlistentry id="getpcaps">
 134         <term><command>getpcaps</command></term>
 135         <listitem>
 136           <para>Displays the capabilities on the queried process(es)</para>
 137           <indexterm zone="ch-system-libcap getpcaps">
 138             <primary sortas="b-getpcaps">getpcaps</primary>
 139           </indexterm>
 140         </listitem>
 141       </varlistentry>
 142
 143       <varlistentry id="setcap">
 144         <term><command>setcap</command></term>
 145         <listitem>
 146           <para>Sets file capabilities</para>
 147           <indexterm zone="ch-system-libcap setcap">
 148             <primary sortas="b-setcap">setcap</primary>
 149           </indexterm>
 150         </listitem>
 151       </varlistentry>
 152
 153       <varlistentry id="libcap">
 154         <term><filename class="libraryfile">libcap</filename></term>
 155         <listitem>
 156           <para>Contains the library functions for manipulating POSIX 1003.1e
 157           capabilities</para>
 158           <indexterm zone="ch-system-libcap libcap">
 159             <primary sortas="c-libcap">libcap</primary>
 160           </indexterm>
 161         </listitem>
 162       </varlistentry>
 163
 164     </variablelist>
 165
 166   </sect2>
 167
 168 </sect1>