blob: 34ac5993d75bed3c9be0871e2d6cbfed3c584c6f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
#!/bin/bash
# This file is part of Firejail project
# Copyright (C) 2014-2020 Firejail Authors
# License GPL v2
if [ $# -eq 0 ]
then
echo "Usage: check-caps.sh program-and-arguments"
echo
fi
set -x
firejail --caps.drop=chown "$1"
firejail --caps.drop=dac_override "$1"
firejail --caps.drop=dac_read_search "$1"
firejail --caps.drop=fowner "$1"
firejail --caps.drop=fsetid "$1"
firejail --caps.drop=kill "$1"
firejail --caps.drop=setgid "$1"
firejail --caps.drop=setuid "$1"
firejail --caps.drop=setpcap "$1"
firejail --caps.drop=linux_immutable "$1"
firejail --caps.drop=net_bind_service "$1"
firejail --caps.drop=net_broadcast "$1"
firejail --caps.drop=net_admin "$1"
firejail --caps.drop=net_raw "$1"
firejail --caps.drop=ipc_lock "$1"
firejail --caps.drop=ipc_owner "$1"
firejail --caps.drop=sys_module "$1"
firejail --caps.drop=sys_rawio "$1"
firejail --caps.drop=sys_chroot "$1"
firejail --caps.drop=sys_ptrace "$1"
firejail --caps.drop=sys_pacct "$1"
firejail --caps.drop=sys_admin "$1"
firejail --caps.drop=sys_boot "$1"
firejail --caps.drop=sys_nice "$1"
firejail --caps.drop=sys_resource "$1"
firejail --caps.drop=sys_time "$1"
firejail --caps.drop=sys_tty_config "$1"
firejail --caps.drop=mknod "$1"
firejail --caps.drop=lease "$1"
firejail --caps.drop=audit_write "$1"
firejail --caps.drop=audit_control "$1"
firejail --caps.drop=setfcap "$1"
firejail --caps.drop=mac_override "$1"
firejail --caps.drop=mac_admin "$1"
firejail --caps.drop=syslog "$1"
firejail --caps.drop=wake_alarm "$1"
|
