Company Innovation Man pages Tech News Developer Mirrors Search
 
chcontext   (8) manpage
chcontext
8
0.1.0
Klavs Klavsen
System Administration
  • NAME
      chcontext - chcontext allocates a new security context and executes a command in that context.
  • SYNTAX
      chcontext [options] <command arguments>
  • DESCRIPTION
      chcontext allocates a new security context and executes a command in that context. By default, a new/unused context is allocated
  • OPTIONS
      --cap CAP_NAME
      Add a capability from the command. This option may be repeated several time. See /usr/include/linux/capability.h In general, this option is used with the --secure option. --secure removes most critical capabilities and --cap adds specific ones.
      --cap !CAP_NAME
      Remove a capability from the command. This option may be repeated several time. See /usr/include/linux/capability.h
      --ctx num
      Select the context. Only root in context 0 is allowed to select a specific context. Context number 1 is special. It can see all processes in any contexts, but can't kill them though.
      --disconnect
      Start the command in background and make the process a child of process 1.
      --domainname new_domainname
      Set the domainname (NIS) in the new security context. Use "none" to unset the domainname.
      --flag
      Set one flag in the new or current security context. The following flags are supported. The option may be used several time.    lock: The new process is trapped and can't use          chcontext anymore.    sched: The new process and its children will           share a common execution priority.    nproc: Limit the number of process in the           vserver according to ulimit setting.           Normally, ulimit is a per user thing.           With this flag, it becomes a per vserver           thing.    private: No one can join this security context             once created.
      --hostname new_hostname
      Set the hostname in the new security context. This is needed because if you create a less privileged security context, it may be unable to change its hostname.
      --secure
      Remove all the capabilities to make a virtual server trustable.
      --silent
      Do not print the allocated context number. Information about context is found in /proc/self/status
  • FILES
      /usr/sbin/chcontext

  • EXAMPLES
      # You must be root, running X.               # We start an xterm in another security context    /usr/sbin/chcontext xterm &
      # We check, there is no xterm running, yet we can # see it. ps ax | grep xterm
      # Are we running in security context 0 # We check the s_context line in /proc/self/status cat /proc/self/status
      # Ok we in security context 0 # Try the security context 1 /usr/sbin/chcontext --ctx 1 ps ax | grep xterm
      # Ok, we see the xterm, we try to kill it /usr/sbin/chcontext --ctx 1 killall xterm
      # No, security context 1 can see, but can't kill # let's find out in which security context this # xterm is running /usr/sbin/chcontext --ctx 1 ps ax | grep xterm
      # Ok, this is PID XX. We need the security context /usr/sbin/chcontext --ctx 1 cat /proc/XX/status
      # We see the s_context, this is SS. # We want to kill this process /usr/sbin/chcontext --ctx SS killall xterm Please contribute some, if you feel it's important.
  • AUTHORS
      This Man page was written by Klavs Klavsen <kl@vsen.dk> and based upon the helpful output from the program itself and the documentation on the Virtual Server site <http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0>
  • SEE ALSO
Current Users: 30 © 1999-2006 Linux.com.hk PenguinSoft
All trademarks and copyrights on this page are owned by their respective companies. Linux is a trademark of Linus Torvalds.