jonschipp / ISLET

Isolated, Scalable, & Lightweight Environment for Training

add yes/no security capabilities settings to islet config #40

Closed jonschipp closed 9 years ago

jonschipp commented 9 years ago

for easy configuration

CAP_SETPCAP Modify process capabilities
CAP_SYS_MODULE Insert/Remove kernel modules
CAP_SYS_RAWIO Modify Kernel Memory
CAP_SYS_PACCT Configure process accounting
CAP_SYS_NICE Modify Priority of processes
CAP_SYS_RESOURCE Override Resource Limits
CAP_SYS_TIME Modify the system clock
CAP_SYS_TTY_CONFIG Configure tty devices
CAP_AUDIT_WRITE Write the audit log
CAP_AUDIT_CONTROL Configure Audit Subsystem
CAP_MAC_OVERRIDE Ignore Kernel MAC Policy
CAP_MAC_ADMIN Configure MAC Configuration
CAP_SYSLOG Modify Kernel printk behavior
CAP_NET_ADMIN Configure the network
CAP_SYS_ADMIN Catch all

--cap-drop setuid
--cap-drop setgid
--opt CAP_MKNOD? #creation of device nodes

jonschipp commented 9 years ago

Complete https://github.com/jonschipp/ISLET/commit/85faf9e7d369bd547e0e5fc4f114ebe2c222d1c6
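
A sketch of the yes/no idea discussed in this issue, added here as an example; it is not ISLET's code and not the content of the linked commit. The `CAP_NAME=yes|no` setting syntax, the function names, and the mapping of `yes` to `--cap-add` and `no` to `--cap-drop` are assumptions; `--cap-add` and `--cap-drop` are real `docker run` options.

```shell
#!/bin/sh
# Added example, not ISLET code. The "CAP_NAME=yes|no" setting syntax and the
# yes -> --cap-add / no -> --cap-drop mapping are assumptions.

# Capability names mentioned in the issue above, without the CAP_ prefix.
KNOWN_CAPS="SETPCAP SYS_MODULE SYS_RAWIO SYS_PACCT SYS_NICE SYS_RESOURCE
SYS_TIME SYS_TTY_CONFIG AUDIT_WRITE AUDIT_CONTROL MAC_OVERRIDE MAC_ADMIN
SYSLOG NET_ADMIN SYS_ADMIN SETUID SETGID MKNOD"

# Read settings on stdin and print the matching docker run flags on one line.
# Any unknown name or value returns 1 and prints nothing on stdout, so a typo
# cannot silently leave a capability enabled.
build_cap_flags() {
    flags=""
    # "|| [ -n ... ]" also processes a last line that lacks a trailing newline.
    while IFS='=' read -r name value || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac
        cap=${name#CAP_}
        known=no
        for k in $KNOWN_CAPS; do
            if [ "$k" = "$cap" ]; then known=yes; fi
        done
        if [ "$known" != yes ]; then
            echo "unknown capability: $name" >&2
            return 1
        fi
        case "$value" in
            yes) flags="$flags --cap-add $cap" ;;
            no)  flags="$flags --cap-drop $cap" ;;
            *)   echo "$name: expected yes or no, got '$value'" >&2
                 return 1 ;;
        esac
    done
    echo "${flags# }"
}

# Constructed sample settings, not ISLET's real config file.
sample_settings() {
    cat <<'EOF'
# drop what a training container does not need
CAP_SYS_ADMIN=no
CAP_SETUID=no
CAP_SETGID=no
CAP_MKNOD=yes
EOF
}

# Usage: flags=$(sample_settings | build_cap_flags) || exit 1
#        docker run $flags IMAGE    # unquoted on purpose: one word per flag
```

Checking the exit status before calling `docker run` matters: if the substitution were inlined directly into the command line, a rejected config would start the container with no capability flags at all.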