[GLLUG] Does anyone use Linux capabilities ?
Andy Smith
andy at bitfolk.com
Tue Oct 28 18:15:59 UTC 2014
Hello,

On Tue, Oct 28, 2014 at 05:34:03PM +0000, Alain Williams wrote:
> On Tue, Oct 28, 2014 at 05:28:41PM +0000, Andy Smith wrote:
> > Ditto, but also to trace processes (lsof, strace and friends). In
> > recent kernels non-root user can't even strace their own processes.
>
> !!! That is taking one of my favourite toys away!

Only relevant if your distribution uses the YAMA LSM. Ubuntu does.

> So: is there a new capability to allow strace of yourself, or do you have to
> give CAP_SYS_PTRACE which allows strace of anything ?

Details here:

https://www.kernel.org/doc/Documentation/security/Yama.txt

Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
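
Added example, not part of the message above or of the Yama documentation: a shell model of how the kernel.yama.ptrace_scope values described in the linked Yama.txt combine with CAP_SYS_PTRACE when a tracer attaches to a same-uid, dumpable process. The function names are made up for this example; the capability number and sysctl path are the kernel's.

```shell
#!/bin/sh
# Added example: model of Yama's ptrace_scope decision for PTRACE_ATTACH
# to a dumpable target running under the same uid as the tracer.
CAP_SYS_PTRACE_BIT=19   # capability number of CAP_SYS_PTRACE

# has_cap_sys_ptrace HEXMASK: true if bit 19 is set in a CapEff mask
has_cap_sys_ptrace() {
    [ $(( (0x$1 >> $CAP_SYS_PTRACE_BIT) & 1 )) -eq 1 ]
}

# attach_verdict SCOPE CAPEFF RELATION  -> prints allow | deny | unknown
#   SCOPE    contents of /proc/sys/kernel/yama/ptrace_scope
#   CAPEFF   tracer's CapEff mask (hex) from /proc/PID/status
#   RELATION "descendant" if the target is a descendant of the tracer
#            (strace CMD) or named it with prctl(PR_SET_PTRACER);
#            "unrelated" otherwise (strace -p PID on some other process)
attach_verdict() {
    case $1 in
        0) echo allow ;;                      # classic same-uid rules only
        1) if [ "$3" = descendant ] || has_cap_sys_ptrace "$2"
           then echo allow; else echo deny; fi ;;
        2) if has_cap_sys_ptrace "$2"         # admin-only attach
           then echo allow; else echo deny; fi ;;
        3) echo deny ;;                       # no attach at all
        *) echo unknown ;;
    esac
}

# yama_report: evaluate the running system for the current user
yama_report() {
    f=/proc/sys/kernel/yama/ptrace_scope
    if [ ! -r "$f" ] || [ ! -r /proc/self/status ]; then
        echo "Yama ptrace_scope not present; classic ptrace rules apply"
        return 0
    fi
    scope=$(cat "$f")
    capeff=$(sed -n 's/^CapEff:[[:space:]]*//p' /proc/self/status)
    capeff=${capeff:-0}
    echo "ptrace_scope=$scope CapEff=$capeff"
    echo "strace CMD (descendant): $(attach_verdict "$scope" "$capeff" descendant)"
    echo "strace -p PID (unrelated): $(attach_verdict "$scope" "$capeff" unrelated)"
}

yama_report
```

Under scope 1, tracing a command you start yourself needs no capability; only attaching to an already running, unrelated process needs CAP_SYS_PTRACE or a PR_SET_PTRACER exception from the target.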