Lines Matching full:capable
1 Demonstrations of capable, the Linux eBPF/bcc version.
4 capable traces calls to the kernel cap_capable() function, which does security
7 # ./capable.py
48 Sometimes capable catches itself starting up:
50 # ./capable.py
52 22:22:19 0 21949 capable.py 21 CAP_SYS_ADMIN 1
53 22:22:19 0 21949 capable.py 21 CAP_SYS_ADMIN 1
54 22:22:19 0 21949 capable.py 21 CAP_SYS_ADMIN 1
55 22:22:19 0 21949 capable.py 21 CAP_SYS_ADMIN 1
56 22:22:19 0 21949 capable.py 21 CAP_SYS_ADMIN 1
57 22:22:19 0 21949 capable.py 21 CAP_SYS_ADMIN 1
66 # ./capable.py -h
67 usage: capable.py [-h] [-v] [-p PID]
77 ./capable # trace capability checks
78 ./capable -v # verbose: include non-audit checks
79 ./capable -p 181 # only trace PID 181