capable.bt(8) | System Manager's Manual | capable.bt(8) |
NAME
capable.bt - Trace security capability checks (cap_capable()).
SYNOPSIS
capable.bt
DESCRIPTION
This traces security capability checks in the kernel, and prints details for each call. This can be useful for general debugging, and also security enforcement: determining a white list of capabilities an application needs.
Since this uses BPF, only the root user can use this tool.
REQUIREMENTS
CONFIG_BPF, bpftrace.
EXAMPLES
- Trace all capability checks system-wide:
- # capable.bt
FIELDS
OVERHEAD
This adds low-overhead instrumentation to capability checks, which are expected to be low frequency, however, that depends on the application. Test in a lab environment before use.
SOURCE
This is from bpftrace.
Also look in the bpftrace distribution for a companion _examples.txt file containing example usage, output, and commentary for this tool.
This is a bpftrace version of the bcc tool of the same name. The bcc tool provides options to customize the output.
OS
Linux
STABILITY
Unstable - in development.
AUTHOR
Brendan Gregg
SEE ALSO
capabilities(7)
2018-09-08 | USER COMMANDS |