v811_spc009/external/bcc/man/man8/capable.8

.TH capable 8  "2016-09-13" "USER COMMANDS"
.SH NAME
capable \- Trace security capability checks (cap_capable()).
.SH SYNOPSIS
.B capable [\-h] [\-v] [\-p PID] [\-K] [\-U]
.SH DESCRIPTION
This traces security capability checks in the kernel, and prints details for
each call. This can be useful for general debugging, and also security
enforcement: determining a white list of capabilities an application needs.

Since this uses BPF, only the root user can use this tool.
.SH REQUIREMENTS
CONFIG_BPF, bcc.
.SH OPTIONS
\-h
USAGE message.
.TP
\-v
Include non-audit capability checks. These are those deemed not interesting and
not necessary to audit, such as CAP_SYS_ADMIN checks on memory allocation to
affect the behavior of overcommit.
.TP
\-K
Include kernel stack traces to the output.
.TP
\-U
Include user-space stack traces to the output.
.SH EXAMPLES
.TP
Trace all capability checks system-wide:
#
.B capable
.TP
Trace capability checks for PID 181:
#
.B capable \-p 181
.SH FIELDS
.TP
TIME(s)
Time of capability check: HH:MM:SS.
.TP
UID
User ID.
.TP
PID
Process ID.
.TP
COMM
Process name.
CAP
Capability number.
NAME
Capability name. See capabilities(7) for descriptions.
.TP
AUDIT
Whether this was an audit event. Use \-v to include non-audit events.
.SH OVERHEAD
This adds low-overhead instrumentation to capability checks, which are expected
to be low frequency, however, that depends on the application. Test in a lab
environment before use.
.SH SOURCE
This is from bcc.
.IP
https://github.com/iovisor/bcc
.PP
Also look in the bcc distribution for a companion _examples.txt file containing
example usage, output, and commentary for this tool.
.SH OS
Linux
.SH STABILITY
Unstable - in development.
.SH AUTHOR
Brendan Gregg
.SH SEE ALSO
capabilities(7)
v811_spc009_project 7 months ago			`.TH capable 8 "2016-09-13" "USER COMMANDS"`
			`.SH NAME`
			`capable \- Trace security capability checks (cap_capable()).`
			`.SH SYNOPSIS`
			`.B capable [\-h] [\-v] [\-p PID] [\-K] [\-U]`
			`.SH DESCRIPTION`
			`This traces security capability checks in the kernel, and prints details for`
			`each call. This can be useful for general debugging, and also security`
			`enforcement: determining a white list of capabilities an application needs.`

			`Since this uses BPF, only the root user can use this tool.`
			`.SH REQUIREMENTS`
			`CONFIG_BPF, bcc.`
			`.SH OPTIONS`
			`\-h`
			`USAGE message.`
			`.TP`
			`\-v`
			`Include non-audit capability checks. These are those deemed not interesting and`
			`not necessary to audit, such as CAP_SYS_ADMIN checks on memory allocation to`
			`affect the behavior of overcommit.`
			`.TP`
			`\-K`
			`Include kernel stack traces to the output.`
			`.TP`
			`\-U`
			`Include user-space stack traces to the output.`
			`.SH EXAMPLES`
			`.TP`
			`Trace all capability checks system-wide:`
			`#`
			`.B capable`
			`.TP`
			`Trace capability checks for PID 181:`
			`#`
			`.B capable \-p 181`
			`.SH FIELDS`
			`.TP`
			`TIME(s)`
			`Time of capability check: HH:MM:SS.`
			`.TP`
			`UID`
			`User ID.`
			`.TP`
			`PID`
			`Process ID.`
			`.TP`
			`COMM`
			`Process name.`
			`CAP`
			`Capability number.`
			`NAME`
			`Capability name. See capabilities(7) for descriptions.`
			`.TP`
			`AUDIT`
			`Whether this was an audit event. Use \-v to include non-audit events.`
			`.SH OVERHEAD`
			`This adds low-overhead instrumentation to capability checks, which are expected`
			`to be low frequency, however, that depends on the application. Test in a lab`
			`environment before use.`
			`.SH SOURCE`
			`This is from bcc.`
			`.IP`
			`https://github.com/iovisor/bcc`
			`.PP`
			`Also look in the bcc distribution for a companion _examples.txt file containing`
			`example usage, output, and commentary for this tool.`
			`.SH OS`
			`Linux`
			`.SH STABILITY`
			`Unstable - in development.`
			`.SH AUTHOR`
			`Brendan Gregg`
			`.SH SEE ALSO`
			`capabilities(7)`