libcap.xml 5.0 KB

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../general.ent">
%general-entities;
]>
<sect1 id="ch-system-libcap" role="wrap">
<?dbhtml filename="libcap.html"?>
<sect1info condition="script">
<productname>libcap</productname>
<productnumber>&libcap-version;</productnumber>
<address>&libcap-url;</address>
</sect1info>
<title>Libcap-&libcap-version;</title>
<indexterm zone="ch-system-libcap">
<primary sortas="a-Libcap">Libcap</primary>
</indexterm>
<sect2 role="package">
<title/>
<para>The Libcap package implements the user-space interface to the
POSIX 1003.1e capabilities provided by the Linux kernel. These capabilities
partition the all-powerful root privilege into a set of distinct privileges.</para>
<segmentedlist>
<segtitle>&buildtime;</segtitle>
<segtitle>&diskspace;</segtitle>
<seglistitem>
<seg>&libcap-ch6-sbu;</seg>
<seg>&libcap-ch6-du;</seg>
</seglistitem>
</segmentedlist>
</sect2>
<sect2 role="installation">
<title>Installation of Libcap</title>
<para>Prevent the static library from being installed:</para>
<screen><userinput remap="pre">sed -i '/install.*STALIBNAME/d' libcap/Makefile</userinput></screen>
<para>Compile the package:</para>
<screen><userinput remap="make">make</userinput></screen>
<para>This package does not come with a test suite.</para>
<para>Install the package:</para>
<screen><userinput remap="install">make RAISE_SETFCAP=no lib=lib prefix=/usr install
chmod -v 755 /usr/lib/libcap.so</userinput></screen>
<variablelist>
<title>The meaning of the make options:</title>
<varlistentry>
<term><parameter>RAISE_SETFCAP=no</parameter></term>
<listitem>
<para>This parameter skips the step in which <command>setcap</command> is run on itself.
This avoids installation errors on kernels or file systems that do not support extended capabilities.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><parameter>lib=lib</parameter></term>
<listitem>
<para>On x86_64, this parameter installs the library in
<filename>$prefix/lib</filename> rather than
<filename>$prefix/lib64</filename>. It has no effect on x86.</para>
</listitem>
</varlistentry>
</variablelist>
<para>The shared library needs to be moved to
<filename class="directory">/lib</filename>, so the
<filename class="extension">.so</filename> symlink in
<filename class="directory">/usr/lib</filename> needs to be recreated:</para>
<screen><userinput remap="install">mv -v /usr/lib/libcap.so.* /lib
ln -sfv ../../lib/$(readlink /usr/lib/libcap.so) /usr/lib/libcap.so</userinput></screen>
</sect2>
<sect2 id="contents-libcap" role="content">
<title>Contents of Libcap</title>
<segmentedlist>
<segtitle>Installed programs</segtitle>
<segtitle>Installed library</segtitle>
<seglistitem>
<seg>capsh, getcap, getpcaps, and setcap</seg>
<seg>libcap.so</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="capsh">
<term><command>capsh</command></term>
<listitem>
<para>A shell wrapper for demonstrating and restricting Linux capabilities</para>
<indexterm zone="ch-system-libcap capsh">
<primary sortas="b-capsh">capsh</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="getcap">
<term><command>getcap</command></term>
<listitem>
<para>Examines file capabilities</para>
<indexterm zone="ch-system-libcap getcap">
<primary sortas="b-getcap">getcap</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="getpcaps">
<term><command>getpcaps</command></term>
<listitem>
<para>Queries the capabilities of processes</para>
<indexterm zone="ch-system-libcap getpcaps">
<primary sortas="b-getpcaps">getpcaps</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="setcap">
<term><command>setcap</command></term>
<listitem>
<para>Sets file capabilities</para>
<indexterm zone="ch-system-libcap setcap">
<primary sortas="b-setcap">setcap</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libcap">
<term><filename class="libraryfile">libcap</filename></term>
<listitem>
<para>Contains the library functions for manipulating POSIX 1003.1e capabilities</para>
<indexterm zone="ch-system-libcap libcap">
<primary sortas="c-libcap">libcap</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>