Lines Matching +full:in +full:- +full:process
9 "Allows a process to arbitrarily change the user and",
14 "Allows a process to override all Discretionary",
17 "process would otherwise not have access to. This",
22 "Allows a process to override all DAC restrictions",
29 "Allows a process to perform operations on files, even",
35 "by another UID in a directory protected by the sticky",
40 "Allows a process to set the S_ISUID and S_ISGID bits of",
41 "the file permissions, even when the process' effective",
47 "Allows a process to send a kill(2) signal to any other",
48 "process - overriding the limitation that there be a",
49 "[E]UID match between source and target process.",
53 "Allows a process to freely manipulate its own GIDs:",
54 " - arbitrarily set the GID, EGID, REGID, RESGID values",
55 " - arbitrarily set the supplementary GIDs",
56 " - allows the forging of GID credentials passed over a",
61 "Allows a process to freely manipulate its own UIDs:",
62 " - arbitrarily set the UID, EUID, REUID and RESUID",
64 " - allows the forging of UID credentials passed over a",
69 "Allows a process to freely manipulate its inheritable",
73 "vector) known in Linux as the Bounding vector, as well as",
77 "vector (ie. raising B bits in the libcap IAB",
78 "representation). It also permits the process to raise",
79 "Ambient vector bits that are both raised in the Permitted",
80 "and Inheritable sets of the process. This capability cannot",
82 "already present in the process' permitted set, or",
83 "Inheritable bits beyond those present in the Bounding",
96 "Allows a process to modify the S_IMMUTABLE and",
101 "Allows a process to bind to privileged ports:",
102 " - TCP/UDP sockets below 1024",
103 " - ATM VCIs below 32",
107 "Allows a process to broadcast to the network and to",
112 "Allows a process to perform network configuration",
114 " - interface configuration",
115 " - administration of IP firewall, masquerading and",
117 " - setting debug options on sockets",
118 " - modification of routing tables",
119 " - setting arbitrary process, and process group",
121 " - binding to any address for transparent proxying",
123 " - setting TOS (Type of service)",
124 " - setting promiscuous mode",
125 " - clearing driver statistics",
126 " - multicasting",
127 " - read/write of device-specific registers",
128 " - activation of ATM control sockets",
132 "Allows a process to use raw networking:",
133 " - RAW sockets",
134 " - PACKET sockets",
135 " - binding to any address for transparent proxying",
140 "Allows a process to lock shared memory segments for IPC",
146 "Allows a process to override IPC ownership checks.",
150 "Allows a process to initiate the loading and unloading",
156 "Allows a process to perform raw IO:",
157 " - permit ioperm/iopl access",
158 " - permit sending USB messages to any device via",
163 "Allows a process to perform a chroot syscall to change",
164 "the effective root of the process' file system:",
169 "Allows a process to perform a ptrace() of any other",
170 "process.",
174 "Allows a process to configure process accounting.",
178 "Allows a process to perform a somewhat arbitrary",
179 "grab-bag of privileged operations. Over time, this",
182 " - configuration of the secure attention key",
183 " - administration of the random device",
184 " - examination and configuration of disk quotas",
185 " - setting the domainname",
186 " - setting the hostname",
187 " - calling bdflush()",
188 " - mount() and umount(), setting up new SMB connection",
189 " - some autofs root ioctls",
190 " - nfsservctl",
191 " - VM86_REQUEST_IRQ",
192 " - to read/write pci config on alpha",
193 " - irix_prctl on mips (setstacksize)",
194 " - flushing all cache on m68k (sys_cacheflush)",
195 " - removing semaphores",
196 " - Used instead of CAP_CHOWN to \"chown\" IPC message",
198 " - locking/unlocking of shared memory segment",
199 " - turning swap on/off",
200 " - forged pids on socket credentials passing",
201 " - setting readahead and flushing buffers on block",
203 " - setting geometry in floppy driver",
204 " - turning DMA on/off in xd driver",
205 " - administration of md devices (mostly the above, but",
207 " - tuning the ide driver",
208 " - access to the nvram device",
209 " - administration of apm_bios, serial and bttv (TV)",
211 " - manufacturer commands in isdn CAPI support driver",
212 " - reading non-standardized portions of PCI",
214 " - DDI debug ioctl on sbpcd driver",
215 " - setting up serial ports",
216 " - sending raw qic-117 commands",
217 " - enabling/disabling tagged queuing on SCSI",
219 " - setting encryption key on loopback filesystem",
220 " - setting zone reclaim policy",
224 "Allows a process to initiate a reboot of the system.",
228 "Allows a process to manipulate the execution priorities",
230 " - those involving different UIDs",
231 " - setting their CPU affinity",
232 " - alter the FIFO vs. round-robin (realtime)",
237 "Allows a process to adjust resource related parameters",
239 " - set and override resource limits",
240 " - override quota limits",
241 " - override the reserved space on ext2 filesystem",
243 " - modify the data journaling mode on ext3 filesystem,",
245 " - override size restrictions on IPC message queues",
246 " - configure more than 64Hz interrupts from the",
247 " real-time clock",
248 " - override the maximum number of consoles for console",
250 " - override the maximum number of keymaps",
254 "Allows a process to perform time manipulation of clocks:",
255 " - alter the system clock",
256 " - enable irix_stime on MIPS",
257 " - set the real-time clock",
261 "Allows a process to manipulate tty devices:",
262 " - configure tty devices",
263 " - perform vhangup() of a tty",
267 "Allows a process to perform privileged operations with",
272 "Allows a process to take leases on files.",
276 "Allows a process to write to the audit log via a",
281 "Allows a process to configure audit logging via a",
286 "Allows a process to set capabilities on files.",
287 "Permits a process to uid_map the uid=0 of the",
289 "namespace. Also, permits a process to override",
295 "Allows a process to override Mandatory Access Control",
302 "Allows a process to configure the Mandatory Access",
309 "Allows a process to configure the kernel's syslog",
314 "Allows a process to trigger something that can wake the",
319 "Allows a process to block system suspends - prevent the",
324 "Allows a process to read the audit log via a multicast",
329 "Allows a process to enable observability of privileged",
336 "Allows a process to manipulate aspects of the kernel",
339 "programs. CAP_BPF permits a process to:",
340 " - create all types of BPF maps",
341 " - advanced verifier features:",
342 " - indirect variable access",
343 " - bounded loops",
344 " - BPF to BPF function calls",
345 " - scalar precision tracking",
346 " - larger complexity limits",
347 " - dead code elimination",
348 " - potentially other features",
352 " - CAP_PERFMON relaxes the verifier checks as follows:",
353 " - BPF programs can use pointer-to-integer",
355 " - speculation attack hardening measures can be",
357 " - bpf_probe_read to read arbitrary kernel memory is",
359 " - bpf_trace_printk to print the content of kernel",
361 " - CAP_SYS_ADMIN permits the following:",
362 " - use of bpf_probe_write_user",
363 " - iteration over the system-wide loaded programs,",
366 " - CAP_PERFMON is required to load tracing programs.",
367 " - CAP_NET_ADMIN is required to load networking",
372 "Allows a process to perform checkpoint",