Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

compartment(1) [debian man page]

COMPARTMENT(1)						      General Commands Manual						    COMPARTMENT(1)

NAME

       compartment - secure program/service wrapper

SYNOPSIS

       compartment [--cap CAPSET] [--chroot PATH] [--user USER] [--group GROUP] [--init PROGRAM] [--verbose] [--quiet] [--fork] /full/path/to/pro-
       gram

DESCRIPTION

       The Secure Compartment was designed to allow safe execution of priviliged and/or untrusted executables and services.  It has got  all  fea-
       tures possible included, which can be used to minimize the risk of a trojanized or vulnerable program/service.

COMMANDLINE OPTIONS

       --cap CAPSET
	      sets the defined CAPABILITY for the process.  See the README file and the section LIMITATIONS for more information and examples.

       --chroot PATH
	      chroots to the PATH defined. It has to be a valid chroot environment.  See the README file for more information and examples.

       --user USER
	      runs the program with uid/euid of USER

       --group GROUP
	      runs the program with gid/egid of GROUP

       --init PROGRAM
	      runs PROGRAM before running the untrusted program/service, e.g. to build a chroot environment

       --verbose
	      prints detailled information what compartment does.

       --quit does not print syslog information about the use of compartment

       --fork forks if everything was set up correctly, mother process will exit.

FEATURES

       Linux Capabilities

       supports all Linux capabilites
	      (see /usr/include/linux/capability.h and the README file)

       Chrooting

       supports a chroot setup

       Privileges

       supports running with defined user and/or group privileges

       Setup Scripts

       supports running of initial scripts
	      before running a program/service, e.g. to build a chroot environment.

LIMITATIONS

       Currently  the  kernel  does not allow capabilities on processes which are not running with euid 0. Therefore compartment will exit with an
       error if --user and --cap is used together.

       Please note that this will change for the 2.4 kernel.

BUGS

       No bugs are currently known

AUTHOR

       Marc Heuse <marc@suse.de>

DISTRIBUTION

       compartment is part of the SuSE Linux Distribtution since 7.0 so it can be downloaded as an RPM file from the SuSE FTP servers. It can also
       be downloaded as a .tar.gz file from http://www.suse.de/~marc

       It has been also part of the Debian GNU/Linux distribution since just after woody (Debian 3.0)

LICENCE

       This  program  is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
       the Free Software Foundation; Version 2.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY	WARRANTY;  without  even  the  implied	warranty  of  MER-
       CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

SEE ALSO

       capset (2), chroot (1), chroot (2)

																    COMPARTMENT(1)

Check Out this Related Man Page

PIN(1)							      General Commands Manual							    PIN(1)

NAME

       pin - Package InformatioN

SYNOPSIS

       pin [OPTION] [PACKAGENAME/FILE]

DESCRIPTION

       Pin  searches  the  installed  packages	(rpm  -qi,  -ql)  and/or  the ARCHIVES.gz file for the desired information.  It shows also README,
       README.SuSE, FAQ, when available.

       It is also possible to search through different version with the -v option, if you have the ARCHIVES.gz from it.   You  have  to  copy  AR-
       CHIVES.gz to /var/lib/pin/ for this option, don`t forget to name it, e.g. 7.1-ppc, 7.2-i386.

       pin    open a dialog box and wait for searchstring

       pin <name>
	      searches for a package <name>

       pin -f <name>
	      greping also if package was found

       pin -v <version> <name>
	      searches through another version, not the default

AUTHOR

       Written by Martin Lasarsch

REPORTING BUGS

       Report bugs to <mlasars@suse.de>

CREDITS

       thanks to henne <scripts@hennevogel.de> for hosting & advertising and Stefan Schmidt for better sorting. Christian Boltz for testing, fixes
       and recommendations.

COPYRIGHT

       This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as  published	by
       the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

       This  program  is  distributed  in  the	hope  that  it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MER-
       CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program; if not, write to the Free  Software  Foundation,
       Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

pin								  September 2001							    PIN(1)
Man Page