Executable File Capabilities
Although Executable File Capabilities have been discussed on Linux
development forums, no actual work has ever been done on them.
Each executable file in the system has three associated sets of capabilities,
corresponding to the three capability sets defined for processes by POSIX
1003.6:
- Allowed set (fA): capabilities that can be inherited from the
process that executes this executable.
- Forced set (fF): capabilities that must be contained in the
permitted/effective (Subsection 4.2.7) set of a process
running this executable.
- Effective set: capabilities that will be copied from the permitted
to the effective capability set (Subsection 4.2.7) of a process
that invoked this executable.