cage is a creator of unbreakable padded cells for untrusted applications. Use it when you would like to chroot a program that wants to run as root (e.g. sendmail or sshd).
Ordinarily, applications run as root have the capabilities required to break out of their chroot jail; however, before executing your command, cage chroots into the directory you specify, then drops all privileges that would allow your process to bust out.
By default, the removed privileges currently include:
  - The ability to set capabilities on arbitrary processes.
  - The ability to insert loadable kernel modules that hijack system calls.
  - Read/write access to kernel memory, the keyboard controller, I/O devices, etc.
  - The ability to change the process's root directory, the obvious way to break chroot.
  - The ability to attach to, and control the execution of, arbitrary processes.
  - The ability to mount and unmount filesystems, among other things.
  - The ability to create device nodes.
Installation is straightforward. Either install the Red Hat 7.2 RPM, or:
$ tar -zxf cage-0.80.tar.gz
$ cd cage-0.80
# make install
Then, follow these instructions to set up POSIX 1003.1e capabilities.
To run sendmail under /home/sendmail the following command would be used:
cage -- /home/sendmail /usr/sbin/sendmail -bd -q15m
The `--' is only required if the command to be run has dashed arguments, so that cage does not treat them as its own options.
To run slapd under /home/ldap with only the capabilities required to bind to a privileged port:
cage -c cap_net_bind_service=eip /home/ldap slapd
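A way to verify, from the outside, that a caged process really lost the privileges listed above and kept only what -c granted, by reading the capability masks the kernel reports in /proc/<pid>/status. This is an added example, not part of cage; the Linux capability names and bit numbers are taken from linux/capability.h, and matching them to the page's descriptions is this example's assumption. The /proc snippets are constructed, not captured.

```python
"""Audit the capability masks of a (supposedly) caged process."""
import re

# Bit numbers from linux/capability.h for the privileges cage drops by
# default. Matching each to the page's description is an assumption here.
DROPPED_BY_DEFAULT = {
    "CAP_SETPCAP": 8,       # set capabilities on arbitrary processes
    "CAP_SYS_MODULE": 16,   # insert loadable kernel modules
    "CAP_SYS_RAWIO": 17,    # raw access to kernel memory, I/O ports, devices
    "CAP_SYS_CHROOT": 18,   # chroot(2), the obvious way out of the jail
    "CAP_SYS_PTRACE": 19,   # attach to and control arbitrary processes
    "CAP_SYS_ADMIN": 21,    # mount/umount filesystems, among other things
    "CAP_MKNOD": 27,        # create device nodes
}
CAP_NET_BIND_SERVICE = 10   # what the slapd example keeps via -c

def parse_cap_masks(status_text):
    """Return {field: int} for the Cap* lines of a /proc/<pid>/status dump."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$",
                                 status_text, re.M)}

def retained_dangerous(status_text, field="CapBnd"):
    """Names from DROPPED_BY_DEFAULT still present in the given mask.

    CapBnd is the bounding set: once a bit is gone there, no exec can
    bring it back, which is what makes the padded cell unbreakable."""
    mask = parse_cap_masks(status_text).get(field, 0)
    return sorted(n for n, bit in DROPPED_BY_DEFAULT.items() if mask >> bit & 1)

def has_cap(status_text, bit, field="CapEff"):
    """True if capability `bit` is set in the given mask (effective by default)."""
    return bool(parse_cap_masks(status_text).get(field, 0) >> bit & 1)

def audit_pid(pid):
    """Read the live status file of a process and report what it still holds."""
    with open(f"/proc/{pid}/status") as f:
        return retained_dangerous(f.read())

# Constructed samples. UNJAILED: root with a full 41-bit capability set.
# JAILED: the same set minus the seven default drops, CAP_NET_BIND_SERVICE kept.
UNJAILED = ("Name:\tsendmail\nCapPrm:\t000001ffffffffff\n"
            "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n")
JAILED = ("Name:\tslapd\nCapPrm:\t000001fff7d0feff\n"
          "CapEff:\t000001fff7d0feff\nCapBnd:\t000001fff7d0feff\n")

if __name__ == "__main__":
    print("unjailed still holds:", retained_dangerous(UNJAILED))
    print("jailed still holds:", retained_dangerous(JAILED))
```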