Documentation
¶
Overview ¶
Program compare-cap is a sanity check that Go's cap package is inter-operable with the C libcap.
Program mknames parses the cap_names.h file and creates an equivalent names.go file.
Program ok exits with status zero. We use it as a chroot test. To avoid any confusion, it needs to be linked statically.
Program try-launching validates the cap.Launch feature.
Progam web provides an example of a webserver using capabilities to bind to a privileged port, and then drop all capabilities before handling the first web request.
This program cannot work reliably as a pure Go application without the equivalent of the Go runtime patch that adds a POSIX semantics wrapper around the system calls that change per-thread security state. A patch for the pure Go compiler/runtime to add this support is available here [2019-12-14]:
https://go-review.googlesource.com/c/go/+/210639/
Until that patch, or something like it, is absorbed into the Go runtime the only way to get capabilities to work reliably on the Go runtime is to use something like libpsx via CGo to do capability setting syscalls in C with POSIX semantics. As of this build of the Go "kernel.org/pub/linux/libs/security/libcap/cap" package, courtesy of the "kernel.org/pub/linux/libs/security/libcap/psx" package, this is how things work.
To set this up, compile and empower this binary as follows (read over the detail in the psx package description if this doesn't 'just' work):
go build web.go sudo setcap cap_setpcap,cap_net_bind_service=p web ./web --port=80
Make requests using wget and observe the log of web:
wget -o/dev/null -O/dev/stdout localhost:80
Source Files