Projects / Capability Override LSM

Capability Override LSM

The Capability Override LSM is a Linux kernel module which, when installed, gives processes running with certain (admin-configured) user or group IDs access to one or more POSIX.1e capabilities.

Operating Systems

Recent releases

  •  11 Oct 2004 02:05

    Release Notes: The module has been fixed to handle some API changes in recent 2.6 kernels.

    •  12 Dec 2003 23:06

      Release Notes: SMP issues in the module have been fixed. The policy compiler now has a fairly solid warning mechanism. Support for CAP_SETPCAP was removed due to security issues.

      •  07 Dec 2003 11:25

        Release Notes: This version fixes a few bugs in the policy compiler, including one that caused it to have problems using the 'users' group. Symlink handling has also been much improved.

        •  07 Dec 2003 11:22

          Release Notes: Rule checks are done at program load rather than for each system call, so there is less overhead. The policy can specify which rules should cause audit data to be produced. The policy compiler has much better error checking. Several bugs in the module were fixed, including a memory leak, and a race that occurred when using path checks.

          •  05 Dec 2003 15:00

            Release Notes: Processes can now be authorized based on the path of the executable. The policy mechanism has been completely redesigned, and is significantly more flexible and powerful. Several bugs of varying severity have been fixed. The documentation now includes a short howto on configuring a policy for your site.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.