Next: LD_PRELOAD Attack
Up: LinSec Capability Model
Previous: INET Socket Capability-Based Protection
Contents
New Capabilities Introduced
Several other capabilities had to be introduced in addition to the existing
POSIX and Linux-specific capabilities for LinSec to function correctly:
- CAP_PROC_PROTECTED: refer to Subsection 4.2.11.
- CAP_PROC_UNKILLABLE: refer to Subsection 4.2.11.
- CAP_PROC_GOD: refer to Subsection 4.2.11.
- CAP_PROC_HIDDEN: refer to Subsection 4.2.11.
- CAP_NET_HIDDEN: refer to Subsection 4.2.11.
- CAP_SYS_BOOTTIME: refer to Subsection 4.2.10.
- CAP_MOD_CAP: a process that has this capability in its effective set is
allowed to modify its own permitted and effective capability sets. This feature
is necessary for the correct operation of userspace LinSec
administrative tools (see footnote 4.7).
- CAP_ACD_OVERRIDE: a process with this capability in its effective
capability set bypasses LinSec file system access domain control
mechanisms (Section 4.3). This feature is necessary for the correct
operation of userspace LinSec administrative tools.
- CAP_LINSEC_ADMIN: a process with this capability in its effective
capability set can configure LinSec mandatory security policy (Section
4.5).
Footnotes
- 4.7: To perform LinSec administrative tasks,
a process needs to have the CAP_LINSEC_ADMIN capability in its effective
capability set. As static allocation of the capability to any program is
regarded as risky (due to, e.g., buffer overflow attacks on the capability model
itself), the process is allowed to modify its capability sets after the user
that invoked it has provided the correct administrative password.
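The flow in the footnote can be modelled in userspace as follows. This is an added example, not LinSec code: the bit positions, the struct and all function names are hypothetical, and password verification is reduced to a flag passed in by the caller.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions are made up for this model; the page does not give LinSec's values. */
enum { CAP_MOD_CAP = 1u << 0, CAP_ACD_OVERRIDE = 1u << 1, CAP_LINSEC_ADMIN = 1u << 2 };

struct proc_caps { uint32_t permitted, effective; };   /* hypothetical model type */

/* Raising needs CAP_MOD_CAP effective and, in this model, an authenticated user. */
static int caps_raise(struct proc_caps *p, uint32_t want, int password_ok)
{
    if (!(p->effective & CAP_MOD_CAP)) return -1;  /* may not change own sets */
    if (!password_ok) return -2;                   /* admin password not verified */
    p->permitted |= want;
    p->effective |= want;
    return 0;
}

/* Dropping bits needs no check in this model (assumption, as in stock Linux). */
static void caps_drop(struct proc_caps *p, uint32_t bits)
{
    p->effective &= ~bits;
    p->permitted &= ~bits;
}

/* Policy configuration is gated on CAP_LINSEC_ADMIN in the effective set. */
static int policy_configure(const struct proc_caps *p)
{
    return (p->effective & CAP_LINSEC_ADMIN) ? 0 : -1;
}

/* Admin tool flow: raise, act, drop. Returns the raise error or the task result. */
static int admin_task(struct proc_caps *p, int password_ok)
{
    int rc = caps_raise(p, CAP_LINSEC_ADMIN, password_ok);
    if (rc != 0) return rc;
    rc = policy_configure(p);
    caps_drop(p, CAP_LINSEC_ADMIN);   /* hold the capability only for the task */
    return rc;
}

int main(void)
{
    struct proc_caps tool = { CAP_MOD_CAP, CAP_MOD_CAP }, other = { 0, 0 };
    printf("wrong password: %d\n", admin_task(&tool, 0));
    printf("correct password: %d\n", admin_task(&tool, 1));
    printf("no CAP_MOD_CAP: %d\n", admin_task(&other, 1));
    return 0;
}
```

Dropping CAP_LINSEC_ADMIN after the task is a choice made in this model; the page only states that the process may raise it after authentication.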