diff options
Diffstat (limited to 'system/cage/README.SLACKWARE')
| -rw-r--r-- | system/cage/README.SLACKWARE | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/system/cage/README.SLACKWARE b/system/cage/README.SLACKWARE new file mode 100644 index 0000000000..3cac4ce8e5 --- /dev/null +++ b/system/cage/README.SLACKWARE @@ -0,0 +1,22 @@ +For example: + +root@pc:~# chmod 0755 /bin/ping +root@pc:~# setcap 'cap_net_raw=ie' /bin/ping + +root@pc:~# su menno +menno@pc:/root$ ping -c1 www.zonnet.nl +ping: icmp open socket: Operation not permitted +menno@pc:/root$ exit + +root@pc:~# cage -u 1000 -c 'cap_setuid=pe cap_net_raw=pie' / /bin/sh +menno@pc:/$ ping -c1 www.zonnet.nl +PING www.zonnet.nl (62.58.50.202) 56(84) bytes of data. +64 bytes from www.tele2.nl (62.58.50.202): icmp_seq=1 ttl=116 time=27.0 ms + +--- www.zonnet.nl ping statistics --- +1 packets transmitted, 1 received, 0% packet loss, time 0ms +rtt min/avg/max/mdev = 27.054/27.054/27.054/0.000 ms +menno@pc:/$ /sbin/getpcaps $$ +Capabilities for `7242': = cap_net_raw+i +menno@pc:/$ exit + |