Capability Override LSM
The Capability Override LSM is a Linux kernel module which, when installed, gives processes running with certain (admin-configured) user or group IDs access to one or more POSIX.1e capabilities.
| Tags | Security Operating System Kernels Linux |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX Linux |
| Implementation | C |
Recent releases
- 10 Oct 2004 19:05
Changes: The module has been fixed to handle some API changes in recent 2.6 kernels.
- 12 Dec 2003 15:06
Changes: SMP issues in the module have been fixed. The policy compiler now has a fairly solid warning mechanism. Support for CAP_SETPCAP was removed due to security issues.
- 07 Dec 2003 03:25
Changes: This version fixes a few bugs in the policy compiler, including one that caused it to have problems using the 'users' group. Symlink handling has also been much improved.
- 07 Dec 2003 03:22
Changes: Rule checks are done at program load rather than for each system call, so there is less overhead. The policy can specify which rules should cause audit data to be produced. The policy compiler has much better error checking. Several bugs in the module were fixed, including a memory leak, and a race that occurred when using path checks.
- 05 Dec 2003 07:00
Changes: Processes can now be authorized based on the path of the executable. The policy mechanism has been completely redesigned, and is significantly more flexible and powerful. Several bugs of varying severity have been fixed. The documentation now includes a short howto on configuring a policy for your site.
