1 files changed, 46 insertions, 0 deletions
diff --git a/src/tools/check-caps.sh b/src/tools/check-caps.sh
new file mode 100755
index 000000000..13525677b
--- /dev/null
+++ b/src/tools/check-caps.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+if [ $# -eq 0 ]
+then
+        echo "Usage: check-caps.sh program-and-arguments"
+        echo
+fi
+set -x
+firejail --caps.drop=chown "$1"
+firejail --caps.drop=dac_override "$1"
+firejail --caps.drop=dac_read_search "$1"
+firejail --caps.drop=fowner "$1"
+firejail --caps.drop=fsetid "$1"
+firejail --caps.drop=kill "$1"
+firejail --caps.drop=setgid "$1"
+firejail --caps.drop=setuid "$1"
+firejail --caps.drop=setpcap "$1"
+firejail --caps.drop=linux_immutable "$1"
+firejail --caps.drop=net_bind_service "$1"
+firejail --caps.drop=net_broadcast "$1"
+firejail --caps.drop=net_admin "$1"
+firejail --caps.drop=net_raw "$1"
+firejail --caps.drop=ipc_lock "$1"
+firejail --caps.drop=ipc_owner "$1"
+firejail --caps.drop=sys_module "$1"
+firejail --caps.drop=sys_rawio "$1"
+firejail --caps.drop=sys_chroot "$1"
+firejail --caps.drop=sys_ptrace "$1"
+firejail --caps.drop=sys_pacct "$1"
+firejail --caps.drop=sys_admin "$1"
+firejail --caps.drop=sys_boot "$1"
+firejail --caps.drop=sys_nice "$1"
+firejail --caps.drop=sys_resource "$1"
+firejail --caps.drop=sys_time "$1"
+firejail --caps.drop=sys_tty_config "$1"
+firejail --caps.drop=mknod "$1"
+firejail --caps.drop=lease "$1"
+firejail --caps.drop=audit_write "$1"
+firejail --caps.drop=audit_control "$1"
+firejail --caps.drop=setfcap "$1"
+firejail --caps.drop=mac_override "$1"
+firejail --caps.drop=mac_admin "$1"
+firejail --caps.drop=syslog "$1"
+firejail --caps.drop=wake_alarm "$1"

diff --git a/src/tools/check-caps.sh b/src/tools/check-caps.sh new file mode 100755 index 000000000..13525677b --- /dev/null +++ b/src/tools/check-caps.sh
@@ -0,0 +1,46 @@
	1	#!/bin/bash
	2
	3	if [ $# -eq 0 ]
	4	then
	5	echo "Usage: check-caps.sh program-and-arguments"
	6	echo
	7	fi
	8
	9	set -x
	10
	11	firejail --caps.drop=chown "$1"
	12	firejail --caps.drop=dac_override "$1"
	13	firejail --caps.drop=dac_read_search "$1"
	14	firejail --caps.drop=fowner "$1"
	15	firejail --caps.drop=fsetid "$1"
	16	firejail --caps.drop=kill "$1"
	17	firejail --caps.drop=setgid "$1"
	18	firejail --caps.drop=setuid "$1"
	19	firejail --caps.drop=setpcap "$1"
	20	firejail --caps.drop=linux_immutable "$1"
	21	firejail --caps.drop=net_bind_service "$1"
	22	firejail --caps.drop=net_broadcast "$1"
	23	firejail --caps.drop=net_admin "$1"
	24	firejail --caps.drop=net_raw "$1"
	25	firejail --caps.drop=ipc_lock "$1"
	26	firejail --caps.drop=ipc_owner "$1"
	27	firejail --caps.drop=sys_module "$1"
	28	firejail --caps.drop=sys_rawio "$1"
	29	firejail --caps.drop=sys_chroot "$1"
	30	firejail --caps.drop=sys_ptrace "$1"
	31	firejail --caps.drop=sys_pacct "$1"
	32	firejail --caps.drop=sys_admin "$1"
	33	firejail --caps.drop=sys_boot "$1"
	34	firejail --caps.drop=sys_nice "$1"
	35	firejail --caps.drop=sys_resource "$1"
	36	firejail --caps.drop=sys_time "$1"
	37	firejail --caps.drop=sys_tty_config "$1"
	38	firejail --caps.drop=mknod "$1"
	39	firejail --caps.drop=lease "$1"
	40	firejail --caps.drop=audit_write "$1"
	41	firejail --caps.drop=audit_control "$1"
	42	firejail --caps.drop=setfcap "$1"
	43	firejail --caps.drop=mac_override "$1"
	44	firejail --caps.drop=mac_admin "$1"
	45	firejail --caps.drop=syslog "$1"
	46	firejail --caps.drop=wake_alarm "$1"