Skip to content
/ runcap Public

Run programs temporarily with capabilities as non-root

git.sr.ht/~demindiro/runcap

License

AGPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Demindiro/runcap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
main.c
main.c
 
 

Repository files navigation

runcap

This program allows granting specific capabilities to non-root processes.

Why not capsh?

capsh is (IMO) awful to use and I couldn't find an alternative. For some reason the Debian version misses --addamb too which makes it effectively useless. I also can't figure out how to make it exec() ("chainload") a program.

How it works

  • Set UID & GID (with set_uid and set_groups, which are special).
  • Put a list of capabilities in the effective, inheritable and permitted sets.
  • Put those capabilities in the ambient set.
  • Execute the program.

TODO

It may be worth setting the bounding set properly.

About

Run programs temporarily with capabilities as non-root

git.sr.ht/~demindiro/runcap

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages