Capability

From LQWiki

The definition of capability depends on the context.

The two main contexts worth distinguishing here are "Capability Theory" and "SE-Linux".

I believe Norm Hardy pioneered Capability Theory well before SE-Linux even existed, but I encourage the reader to explore both, and verify. You can learn more about Norm, and Capability Theory, at http://www.cap-lore.com/

http://en.wikipedia.org/wiki/Security-Enhanced_Linux provides a very good overview of SE-Linux. http://wiki.linuxquestions.org/wiki/SELinux does a great job as well :-)

Basically, a capability is a reified "ability to do something". It can be granted or given to an entity (user, process, context) so that entity can do that thing (access a particular resource in a particular way). I probably have that wrong in some number of egregious ways (with respect to both contexts), so I encourage the reader to explore the above websites for details.
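As an added illustration of the capability-theory sense above (not part of the original wiki text): on Linux and other Unix systems an open file descriptor behaves like a capability, a handle that names one resource and carries the allowed mode of access. The function names and the sample file are constructed for this example.

```python
import errno
import os
import tempfile


def grant_read_only(path):
    """Mint a capability: a descriptor for exactly one file, read access only."""
    return os.open(path, os.O_RDONLY)


def worker(cap):
    """Receives only the descriptor, never the path.

    Note: Python cannot stop this function from calling open() itself; a real
    capability system also removes that ambient authority from the worker.
    """
    result = {"read": os.pread(cap, 64, 0)}
    try:
        os.write(cap, b"tamper")          # not covered by the granted mode
        result["write"] = "allowed"
    except OSError as exc:
        result["write"] = errno.errorcode[exc.errno]
    return result


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "report.txt")   # constructed sample resource
        with open(path, "wb") as fh:
            fh.write(b"quarterly numbers")

        cap = grant_read_only(path)
        try:
            result = worker(cap)
        finally:
            os.close(cap)                 # revoke: the handle stops working

        try:
            os.pread(cap, 1, 0)
            result["after_revoke"] = "allowed"
        except OSError as exc:
            result["after_revoke"] = errno.errorcode[exc.errno]
        return result


if __name__ == "__main__":
    print(demo())
```

The kernel enforces the access mode on the descriptor itself, so the write is refused even if the caller's user account has write permission on the file.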

In the context of SE-Linux, here's an example of what it can take to add capabilities to get a particular mechanism to work: http://www.felix-schwarz.name/CentOS,_SELinux_and_php_mail_(en)

Having read this, if you're still confused about the definition of capability, that's a very good thing, since I'm barely scratching the surface here. I hope the URLs I've provided will set you upon a great learning journey.