
compartment - secure program/service wrapper

Author

       Marc Heuse <marc@suse.de>

Bugs

       No bugs are currently known

Commandline Options

       --cap CAPSET
              sets the defined CAPABILITY for the process.  See the README file and the section LIMITATIONS for
              more information and examples.

       --chroot PATH
              chroots to the PATH defined. It has to be a valid chroot environment.  See the README file for
              more information and examples.

       --user USER
              runs the program with uid/euid of USER

       --group GROUP
              runs the program with gid/egid of GROUP

       --init PROGRAM
              runs PROGRAM before running the untrusted program/service, e.g. to build a chroot environment

       --verbose
              prints detailed information about what compartment does.

       --quiet
              does not print syslog information about the use of compartment

       --fork
              forks if everything was set up correctly; the parent process will exit.

Description

       The SecureCompartment was designed to allow safe execution of privileged and/or untrusted executables
       and services.  It includes all available features that can be used to minimize the risk of a
       trojanized or vulnerable program/service.

Distribution

       compartment is part of the SuSE Linux Distribution since 7.0 so it can be downloaded as an RPM file from
       the SuSE FTP servers. It can also be downloaded as a .tar.gz file from http://www.suse.de/~marc

       It has also been part of the Debian GNU/Linux distribution since just after woody (Debian 3.0)

Features

       Linux Capabilities
              supports all Linux capabilities (see /usr/include/linux/capability.h and the README file)

       Chrooting
              supports a chroot setup

       Privileges
              supports running with defined user and/or group privileges

       Setup Scripts
              supports running of initial scripts before running a program/service, e.g. to build a chroot
              environment.

Licence

       This  program  is  free  software;  you  can  redistribute it and/or modify it under the terms of the GNU
       General Public License as published by the Free Software Foundation; Version 2.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY  WARRANTY;  without  even
       the  implied  warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
       License for more details.

Limitations

       Currently the kernel does not allow capabilities on processes which are not running with euid 0.
       Therefore compartment will exit with an error if --user and --cap are used together.

       Please note that this will change for the 2.4 kernel.
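
       The following C sketch is an added example, not compartment's own source code. It shows the order
       in which a wrapper has to apply --chroot, --group and --user before it may exec the target, and the
       --user/--cap check described above. The struct copts type and both function names are hypothetical.

```c
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical option record mirroring the documented options. */
struct copts {
    const char *chroot_path; /* --chroot PATH, NULL if unset */
    const char *cap;         /* --cap CAPSET, NULL if unset */
    int have_user;           /* --user given */
    uid_t uid;
    int have_group;          /* --group given */
    gid_t gid;
};

/* LIMITATIONS: capabilities need euid 0, so --user plus --cap is rejected. */
int check_options(const struct copts *o)
{
    return (o->have_user && o->cap != NULL) ? -1 : 0;
}

/* Confine first, then drop the group, then the user. Returns 0 on success
 * and -1 on the first failure; the caller must not exec the target on -1. */
int enter_compartment(const struct copts *o)
{
    if (check_options(o) != 0)
        return -1;
    if (o->chroot_path != NULL) {
        /* chroot() needs root, so it must precede the uid change;
         * chdir("/") moves the working directory inside the new root. */
        if (chroot(o->chroot_path) != 0 || chdir("/") != 0)
            return -1;
    }
    if (o->have_group) {
        /* Supplementary groups and gid can only be changed while still root. */
        if (setgroups(0, NULL) != 0 || setgid(o->gid) != 0)
            return -1;
    }
    if (o->have_user) {
        if (setuid(o->uid) != 0)
            return -1;
        /* A non-root target must not be able to regain uid 0. */
        if (o->uid != 0 && setuid(0) == 0)
            return -1;
    }
    return 0;
}
```

       Every return value is checked because a failed chroot or setuid that goes unnoticed would start the
       untrusted program with the wrapper's full privileges.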

Name

       compartment - secure program/service wrapper

See Also

capset (2), chroot (1), chroot (2)

                                                                                                  COMPARTMENT(1)

Synopsis

       compartment [--cap CAPSET] [--chroot PATH] [--user USER] [--group GROUP] [--init PROGRAM] [--verbose] [--quiet] [--fork] /full/path/to/program
