출처 http://slacksite.com/other/ftp.html

Active FTP vs. Passive FTP, a Definitive Explanation

Contents:


Introduction

One of the most commonly seen questions when dealing with firewalls and other Internet connectivity issues is the difference between active and passive FTP and how best to support either or both of them. Hopefully the following text will help to clear up some of the confusion over how to support FTP in a firewalled environment.

This may not be the definitive explanation, as the title claims, however, I've heard enough good feedback and seen this document linked in enough places to know that quite a few people have found it to be useful. I am always looking for ways to improve things though, and if you find something that is not quite clear or needs more explanation, please let me know! Recent additions to this document include the examples of both active and passive command line FTP sessions. These session examples should help make things a bit clearer. They also provide a nice picture into what goes on behind the scenes during an FTP session. Now, on to the information...


The Basics

FTP is a TCP based service exclusively. There is no UDP component to FTP. FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.


Active FTP

In active mode FTP the client connects from a random unprivileged port (N > 1023) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.

From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened:

  • FTP server's port 21 from anywhere (Client initiates connection)
  • FTP server's port 21 to ports > 1023 (Server responds to client's control port)
  • FTP server's port 20 to ports > 1023 (Server initiates data connection to client's data port)
  • FTP server's port 20 from ports > 1023 (Client sends ACKs to server's data port)

When drawn out, the connection appears as follows:

In step 1, the client's command port contacts the server's command port and sends the command PORT 1027. The server then sends an ACK back to the client's command port in step 2. In step 3 the server initiates a connection on its local data port to the data port the client specified earlier. Finally, the client sends an ACK back as shown in step 4.

The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.


Active FTP Example

Below is an actual example of an active FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.

There are a few interesting things to consider about this dialog. Notice that when the PORT command is issued, it specifies a port on the client (192.168.150.80) system, rather than the server. We will see the opposite behavior when we use passive FTP. While we are on the subject, a quick note about the format of the PORT command. As you can see in the example below it is formatted as a series of six numbers separated by commas. The first four octets are the IP address while the last two octets comprise the port that will be used for the data connection. To find the actual port multiply the fifth octet by 256 and then add the sixth octet to the total. Thus in the example below the port number is ( (14*256) + 178), or 3762. A quick check with netstat should confirm this information.

testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PORT 192,168,150,80,14,178
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for file list.
drwx------   3 slacker    users         104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.

Passive FTP

In order to resolve the issue of the server initiating the connection to the client a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode.

In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1023) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.

From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:

  • FTP server's port 21 from anywhere (Client initiates connection)
  • FTP server's port 21 to ports > 1023 (Server responds to client's control port)
  • FTP server's ports > 1023 from anywhere (Client initiates data connection to random port specified by server)
  • FTP server's ports > 1023 to remote ports > 1023 (Server sends ACKs (and data) to client's data port)

When drawn, a passive mode FTP connection looks like this:

In step 1, the client contacts the server on the command port and issues the PASV command. The server then replies in step 2 with PORT 2024, telling the client which port it is listening to for the data connection. In step 3 the client then initiates the data connection from its data port to the specified server data port. Finally, the server sends back an ACK in step 4 to the client's data port.

While passive mode FTP solves many of the problems from the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow the administrator to specify a range of ports which the FTP server will use. See Appendix 1 for more information.

The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. As an example, the command line FTP utility provided with Solaris does not support passive mode, necessitating a third-party FTP client, such as ncftp.

With the massive popularity of the World Wide Web, many people prefer to use their web browser as an FTP client. Most browsers only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support.


Passive FTP Example

Below is an actual example of a passive FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.

Notice the difference in the PORT command in this example as opposed to the active FTP example. Here, we see a port being opened on the server (192.168.150.90) system, rather than the client. See the discussion about the format of the PORT command above, in the Active FTP Example section.

testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (192,168,150,90,195,149).
---> LIST
150 Opening ASCII mode data connection for file list
drwx------   3 slacker    users         104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.

Other Notes

A reader, Maarten Sjouw, pointed out that active FTP will not function when used in conjunction with a client-side NAT (Network Address Translation) device which is not smart enough to alter the IP address info in FTP packets.


Summary

The following chart should help admins remember how each FTP mode works:

 Active FTP :
     command : client >1023 -> server 21
     data    : client >1023 <- server 20

 Passive FTP :
     command : client >1023 -> server 21
     data    : client >1023 -> server >1023

A quick summary of the pros and cons of active vs. passive FTP is also in order:

Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.

Luckily, there is somewhat of a compromise. Since admins running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously. See Appendix 1 for more information.

References

An excellent reference on how various internet protocols work and the issues involved in firewalling them can be found in the O'Reilly and Associates book, Building Internet Firewalls, 2nd Ed, by Brent Chapman and Elizabeth Zwicky.

Finally, the definitive reference on FTP would be RFC 959, which sets forth the official specifications of the FTP protocol. RFCs can be downloaded from numerous locations, including http://www.faqs.org/rfcs/rfc959.html.

'web' 카테고리의 다른 글

apache redirect 설정.  (0) 2007.06.14
Trust in E-commerce  (0) 2006.07.20
FTP의 passive, active mode 설명  (0) 2006.02.20
[펌] Axis Webservice 설치및 테스트  (0) 2005.09.03
[펌] web.xml 사용법  (0) 2005.07.23
Tomcat 4.1.12 버전에서 서블릿 접근  (0) 2005.02.08
Posted by 김용환 '김용환'

영어 축약어

c or linux 2006.02.15 00:58

 

출처 : http://www.tux.org/lkml/

 

Some English expressions for non-native English readers. Many of these (and far more) may be obtained from the Jargon File:

  • AFAIK = As Far As I Know
  • AKA = Also Known As
  • ASAP = As Soon As Possible
  • BTW = By The Way (used to introduce some piece of information or question that is on a different topic but may be of interest)
  • COLA = comp.os.linux.announce (newsgroup)
  • ETA = Estimated Time of Arrival
  • FAQ = Frequently Asked Question
  • FUD = Fear, Uncertainty and Doubt
  • FWIW = For What It's Worth
  • FYI = For Your Information
  • IANAL = I Am Not A Lawyer
  • IIRC = If I Recall Correctly
  • IMHO = In My Humble Opinion
  • IMNSHO = In My Not-So-Humble Opinion
  • IOW = In Other Words
  • LART = Luser Attitude Readjustment Tool (quoting Al Viro: "Anything you use to forcibly implant the clue into the place where luser's head is")
  • LUSER = pronounced "loser", a user who is considered to indeed be a loser (idiot, drongo, wanker, dim-wit, fool, etc.)
  • OTOH = On The Other Hand
  • PEBKAC = Problem Exists Between Keyboard And Chair
  • ROTFL = Rolling On The Floor Laughing
  • RSN = Real Soon Now
  • RTFM = Read The Fucking Manual (original definition) or Read The Fine Manual (if you want to pretend to be polite)
  • TANSTAAFL = There Ain't No Such Thing As A Free Lunch (contributed by David Niemi, quoting Robert Heinlein in his science fiction novel 'The Moon is a Harsh Mistress')
  • THX = Thanks (thank you)
  • TIA = Thanks In Advance
  • WIP = Work In Progress
  • WRT = With Respect To

'c or linux' 카테고리의 다른 글

좋은 구조체 리턴 함수  (0) 2006.04.15
&, && 및 우선순위 주의  (0) 2006.03.28
영어 축약어  (0) 2006.02.15
__init, __exit 의미  (0) 2006.02.14
extern으로 불러온 변수의 sizeof 호출하기  (0) 2006.02.14
[본문 스크랩] Kernel File List  (0) 2006.02.14
Posted by 김용환 '김용환'

http://linuxkernel.net/faq/index.php?cmd=read&section=kernel-general2&num=4

 

 

Q: 소스 중에 보면 어떤 함수들은 함수 이름 앞에 __init라고 붙어있거나, 함수의 프로토타입을 __initfunc() 매크로로 둘러싸고 있는 것이 있습니다. 이것의 역할은 무엇입니까?

A: 소스를 보다 보면 함수 이름앞에 __init라고 되어 있거나, 변수 이름 뒤에 __initdata라고 적힌 것을 볼 수 있습니다.

예를 들어 init/main.c에서 :

asmlinkage void __init start_kernel(void);
static void __init smp_init(void);
static void __init do_basic_setup(void);

static struct dev_name_struct { ... } root_dev_names[] __initdata; 
여기에 나오는 __init나 __initdata는 해당하는 함수나 변수가 운영체제의 초기화 과정에만 사용된다는 것을 의미합니다. start_kernel()이나 kernel/sched.c에 있는 sched_init(), arch/i386/mm/init.c에 있는 mem_init() 처럼 초기화 과정에만 사용되는 함수는 일단 초기화 과정이 끝나면 더이상 필요가 없습니다. 초기화를 마친 후에 이들을 계속해서 메모리에 남겨두고 있을 필요가 없다는 것이죠. 그래서 이런 초기화에만 필요한 함수나 변수를 별도의 영역에 따로 모아두었다가, 초기화를 마친 후 이 영역의 메모리를 해제합니다. 그렇게 하면 필요없는 메모리를 제거하여 커널이 차지하는 메모리의 양을 줄일 수 있게 됩니다. 이를 위해 초기화에만 관련되어 있는 함수나 변수를 따로 표시하기 위해서 __init나 __initdata라는 것을 사용합니다.

이들은 2.4.x 커널에서는 include/linux/init.h에 정의가 되어 있고 2.2.x 커널에서는 include/linux/init.h와 include/asm/init.h에 정의되어 있습니다.
include/linux/init.h 소스를 살펴보면 :
/* These macros are used to mark some functions or 
 * initialized data (doesn't apply to uninitialized data)
 * as `initialization' functions. The kernel can take this
 * as hint that the function is used only during the initialization
 * phase and free up used memory resources after
 *
 * Usage:
 * For functions:
 * 
 * You should add __init immediately before the function name, like:
 *
 * static void __init initme(int x, int y)
 * {
 *    extern int z; z = x * y;
 * }
 *
 * If the function has a prototype somewhere, you can also add
 * __init between closing brace of the prototype and semicolon:
 *
 * extern int initialize_foobar_device(int, int, int) __init;
 *
 * For initialized data:
 * You should insert __initdata between the variable name and equal
 * sign followed by value, e.g.:
 *
 * static int init_variable __initdata = 0;
 * static char linux_logo[] __initdata = { 0x32, 0x36, ... };
 *
 * For initialized data not at file scope, i.e. within a function,
 * you should use __initlocaldata instead, due to a bug in GCC 2.7.
 */
여기서는 __init나 __initdata를 사용하는 방법을 말하고 있습니다. __init는 함수를 정의할 때는 함수의 이름 앞에 들어가지만, 프로토타입이 이미 다른 곳에서 선언되어 있는 경우에는 프로토타입의 끝과 세미콜론 사이에 넣을 수 있습니다. 초기화되는 변수의 경우에는 변수의 이름과 변수에 초기값을 지정하는 '=' 사이에 __initdata를 넣습니다.

계속해서 :
#ifndef MODULE

/*
 * Mark functions and data as being only used at initialization
 * or exit time.
 */
#define __init		__attribute__ ((__section__ (".text.init")))
#define __exit		__attribute__ ((unused, __section__(".text.exit")))
#define __initdata	__attribute__ ((__section__ (".data.init")))
#define __exitdata	__attribute__ ((unused, __section__ (".data.exit")))
#define __initsetup	__attribute__ ((unused,__section__ (".setup.init")))
#define __init_call	__attribute__ ((unused,__section__ (".initcall.init")))

/* For assembly routines */
#define __INIT		.section	".text.init","ax"
#define __FINIT		.previous
#define __INITDATA	.section	".data.init","aw"

#define module_init(x)	__initcall(x);
#define module_exit(x)	/* nothing */

#else

#define __init
#define __exit
#define __initdata
#define __exitdata
#define __initcall(fn)
/* For assembly routines */
#define __INIT
#define __FINIT
#define __INITDATA

#define module_init(x)	int init_module(void) __attribute__((alias(#x)));
#define module_exit(x)	void cleanup_module(void) __attribute__((alias(#x)));

#endif
여기서는 각각이 어떤 섹션에 들어가는지를 지정합니다. __init로 정의된 함수들은 .text.init 섹션에, __initdata로 정의된 변수는 .data.init에 들어갑니다. 여기에서 __exit, __exitdata라는 것을 볼 수 있는데 이들은 종료를 할 때 불리는 함수나 이와 관련된 변수들을 지정할 때 사용합니다. 어떤 드라이버가 커널에 포함되어 있는 경우 시스템을 종료할 때 각각의 종료함수를 부르지 않아도 되기 때문에 이들 역시 메모리에서 제거될 수 있습니다. 커널은 시스템 초기화를 마친 직후 이들 버릴 수 있는 섹션에 있는 메모리들을 해제합니다.

이러한 기능은 커널에만 해당하지 모듈에는 해당하지 않습니다. 위의 코드에서 보듯이 모듈인 경우에는 이들은 아무 역할도 하지 않도록 되어 있습니다. 모듈에서는 이와 같은 기능을 제공하지 않기 때문입니다.

어떤 함수는 __initfunc()라는 매크로에 둘러 싸여있는 것도 있습니다. 예를 들어 2.4.x 커널의 driver/block/lvm.c를 보면 :
#ifdef __initfunc
__initfunc(int lvm_init(void))
#else
int __init lvm_init(void)
#endif
__initfunc()은 해당 함수가 초기화에 관련된 함수라는 것을 알려줍니다. 이것은 __init라고 지정하는 것과 같은 일을 하는 것으로 옛날 코드의 잔재라고 생각하면 됩니다. 이렇게 정의되는 함수들은 대부분 디바이스 드라이버의 초기화와 setup에 관련된 함수입니다. 이들 역시 초기화 이후에 필요가 없으므로 제거될 수 있습니다.

by flyduck 2000/06/28

'c or linux' 카테고리의 다른 글

&, && 및 우선순위 주의  (0) 2006.03.28
영어 축약어  (0) 2006.02.15
__init, __exit 의미  (0) 2006.02.14
extern으로 불러온 변수의 sizeof 호출하기  (0) 2006.02.14
[본문 스크랩] Kernel File List  (0) 2006.02.14
The Linux Kernel API  (0) 2006.02.14
Posted by 김용환 '김용환'

c코딩시 자주 하는 실수 중의 하나이다.

에러는 error: invalid application of `sizeof' to incomplete type `({anonymous})' 이렇게 나올 수 있다.

 

크기가 알려지지 않은, extern 배열 선언은 `incomplete type'이다. 그러므로, 크기가 알려질 수 있는 extern 배열 선언을 해야 한다.

 

자세한 답은 여기를 참조한다.

http://www.cinsk.org/cfaqs/html/node3.html#SECTION00380000000000000000

 

다른 소스에서 sizeof함수나 size를 얻어오는 방법

 

1. 크기를 미리 만들어 전역변수에 저장

file1.c:
  int array[] = { 1, 2, 3};
  int arraysz = sizeof(array);

file2.c:
  extern int array[];
  extern int arraysz;
 
2. 크기를 매크로로 이용하여 저장
file1.h:
  #define ARRAYSZ       3
file1.c:
  #include "file1.h"
  int array[ARRAYSZ];
file2.c:
  #include "file1.h"
  extern int array[ARRAYSZ];
 
3. 원 소스에서 선언과 정의를 하고, extern을 이용
file1.c:
  int array[] = { 1, 2, 3};

file2.c:
  extern int array[];

'c or linux' 카테고리의 다른 글

영어 축약어  (0) 2006.02.15
__init, __exit 의미  (0) 2006.02.14
extern으로 불러온 변수의 sizeof 호출하기  (0) 2006.02.14
[본문 스크랩] Kernel File List  (0) 2006.02.14
The Linux Kernel API  (0) 2006.02.14
리눅스 I/O 포트 프로그래밍 미니 하우투  (0) 2006.02.13
Posted by 김용환 '김용환'
<kernel>

1 /sbin/init 
1 /sbin/modprobe 

<kernel> /sbin/getty

6 /dev/tty\$ 
4 /etc/issue 
2 /var/log/wtmp 
6 /var/run/utmp 
allow_capability SYS_CHMOD
allow_capability SYS_CHOWN
allow_capability SYS_IOCTL

<kernel> /sbin/init

6 /dev/console 
6 /dev/initctl 
6 /dev/tty\$ 
1 /etc/init.d/rc 
1 /etc/init.d/rcS 
4 /etc/inittab 
1 /sbin/getty 
4 /usr/share/zoneinfo/Asia/Tokyo 
2 /var/log/wtmp 
6 /var/run/utmp 
allow_capability SYS_IOCTL
allow_capability SYS_KILL
allow_capability SYS_REBOOT
allow_signal 15 <kernel> /sbin/getty

<kernel> /sbin/init /etc/init.d/rc

1 /bin/bash 
1 /bin/stty 
6 /dev/console 
6 /dev/tty 
1 /etc/init.d/apache2 
1 /etc/init.d/atd 
1 /etc/init.d/bootlogd 
1 /etc/init.d/canna 
1 /etc/init.d/cron 
1 /etc/init.d/exim4 
1 /etc/init.d/hotplug-net 
1 /etc/init.d/ifupdown 
1 /etc/init.d/inetd 
1 /etc/init.d/klogd 
1 /etc/init.d/lpd 
1 /etc/init.d/makedev 
1 /etc/init.d/netatalk 
1 /etc/init.d/networking 
1 /etc/init.d/nfs-common 
1 /etc/init.d/nfs-kernel-server 
1 /etc/init.d/portmap 
1 /etc/init.d/ppp 
4 /etc/init.d/rc 
1 /etc/init.d/reboot 
1 /etc/init.d/rmnologin 
1 /etc/init.d/samba 
1 /etc/init.d/sendsigs 
1 /etc/init.d/ssh 
1 /etc/init.d/sysklogd 
1 /etc/init.d/umountfs 
1 /etc/init.d/urandom 
1 /etc/init.d/vmware-tools 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /bin/bash

1 /bin/date 
1 /bin/rm 
1 /bin/uname 
6 /dev/console 
4 /dev/null 
6 /dev/tty 
4 /etc/default/rcS 
4 /etc/init.d/hwclock.sh 
4 /etc/init.d/umountnfs.sh 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/halt 
1 /sbin/hwclock 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /bin/bash /bin/date

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
4 /usr/share/zoneinfo/Asia/Tokyo 

<kernel> /sbin/init /etc/init.d/rc /bin/bash /bin/rm

allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rc /bin/bash /bin/uname


<kernel> /sbin/init /etc/init.d/rc /bin/bash /sbin/halt

2 /var/log/wtmp 

<kernel> /sbin/init /etc/init.d/rc /bin/bash /sbin/hwclock

4 /dev/rtc 
6 /etc/adjtime 
4 /usr/share/zoneinfo/Asia/Tokyo 

<kernel> /sbin/init /etc/init.d/rc /bin/stty

allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/apache2

1 /bin/cat 
1 /bin/grep 
1 /bin/sleep 
6 /dev/console 
2 /dev/null 
6 /dev/tty 
4 /etc/default/apache2 
4 /etc/default/rcS 
4 /etc/init.d/apache2 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/env 
1 /usr/bin/expr 
1 /usr/bin/mawk 
1 /usr/sbin/apache2 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/apache2 /bin/cat

4 /var/run/apache2.pid 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/apache2 /bin/grep

4 /etc/apache2/README 
4 /etc/apache2/apache2.conf 
4 /etc/apache2/conf.d/apache2-doc 
4 /etc/apache2/envvars 
4 /etc/apache2/httpd.conf 
4 /etc/apache2/magic 
4 /etc/apache2/mods-available/actions.load 
4 /etc/apache2/mods-available/asis.load 
4 /etc/apache2/mods-available/auth_anon.load 
4 /etc/apache2/mods-available/auth_dbm.load 
4 /etc/apache2/mods-available/auth_digest.load 
4 /etc/apache2/mods-available/auth_ldap.load 
4 /etc/apache2/mods-available/cache.load 
4 /etc/apache2/mods-available/cern_meta.load 
4 /etc/apache2/mods-available/cgi.load 
4 /etc/apache2/mods-available/cgid.conf 
4 /etc/apache2/mods-available/cgid.load 
4 /etc/apache2/mods-available/dav.load 
4 /etc/apache2/mods-available/dav_fs.conf 
4 /etc/apache2/mods-available/dav_fs.load 
4 /etc/apache2/mods-available/deflate.load 
4 /etc/apache2/mods-available/disk_cache.load 
4 /etc/apache2/mods-available/expires.load 
4 /etc/apache2/mods-available/ext_filter.load 
4 /etc/apache2/mods-available/file_cache.load 
4 /etc/apache2/mods-available/headers.load 
4 /etc/apache2/mods-available/imap.load 
4 /etc/apache2/mods-available/include.load 
4 /etc/apache2/mods-available/info.load 
4 /etc/apache2/mods-available/ldap.load 
4 /etc/apache2/mods-available/mem_cache.load 
4 /etc/apache2/mods-available/mime_magic.conf 
4 /etc/apache2/mods-available/mime_magic.load 
4 /etc/apache2/mods-available/mod_python.load 
4 /etc/apache2/mods-available/perl.conf 
4 /etc/apache2/mods-available/perl.load 
4 /etc/apache2/mods-available/php4.conf 
4 /etc/apache2/mods-available/php4.load 
4 /etc/apache2/mods-available/proxy.conf 
4 /etc/apache2/mods-available/proxy.load 
4 /etc/apache2/mods-available/proxy_connect.load 
4 /etc/apache2/mods-available/proxy_ftp.load 
4 /etc/apache2/mods-available/proxy_http.load 
4 /etc/apache2/mods-available/rewrite.load 
4 /etc/apache2/mods-available/speling.load 
4 /etc/apache2/mods-available/ssl.conf 
4 /etc/apache2/mods-available/ssl.load 
4 /etc/apache2/mods-available/suexec.load 
4 /etc/apache2/mods-available/unique_id.load 
4 /etc/apache2/mods-available/userdir.conf 
4 /etc/apache2/mods-available/userdir.load 
4 /etc/apache2/mods-available/usertrack.load 
4 /etc/apache2/mods-available/vhost_alias.load 
4 /etc/apache2/ports.conf 
4 /etc/apache2/sites-available/default 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/apache2 /bin/sleep

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/apache2 /usr/bin/env

1 /usr/sbin/apache2 
1 /usr/sbin/apache2ctl 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/apache2 /usr/bin/env /usr/sbin/apache2ctl

6 /dev/console 
6 /dev/tty 
4 /etc/apache2/envvars 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/sbin/apache2 
4 /usr/sbin/apache2ctl 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/apache2 /usr/bin/expr


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/apache2 /usr/bin/mawk

allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/atd

6 /dev/console 
6 /dev/tty 
4 /etc/init.d/atd 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/atd /sbin/start-stop-daemon

1 /usr/sbin/atd 
4 /var/run/atd.pid 
allow_capability SYS_KILL
allow_signal 15 <kernel> /usr/sbin/atd

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/bootlogd

6 /dev/console 
6 /dev/tty 
4 /etc/default/bootlogd 
4 /etc/init.d/bootlogd 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/canna

6 /dev/console 
6 /dev/tty 
4 /etc/default/canna 
4 /etc/init.d/canna 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/cron

6 /dev/console 
6 /dev/tty 
4 /etc/init.d/cron 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/cron /sbin/start-stop-daemon

4 /proc/\$/stat 
1 /usr/sbin/cron 
4 /var/run/crond.pid 
allow_capability SYS_KILL
allow_signal 15 <kernel> /sbin/init /etc/init.d/rc /etc/init.d/cron /sbin/start-stop-daemon /usr/sbin/cron
allow_signal 15 <kernel> /usr/sbin/cron

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4

1 /bin/grep 
1 /bin/rm 
6 /dev/console 
2 /dev/null 
6 /dev/tty 
4 /etc/default/exim4 
4 /etc/init.d/exim4 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
1 /usr/sbin/exim4 
1 /usr/sbin/update-exim4.conf 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /bin/grep

4 /etc/inetd.conf 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /bin/rm

2 /var/run/exim4/exim.pid 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /sbin/start-stop-daemon

1 /usr/sbin/exim4 
4 /var/run/exim4/exim.pid 
allow_capability SYS_KILL
allow_signal 15 <kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /sbin/start-stop-daemon /usr/sbin/exim4
allow_signal 15 <kernel> /usr/sbin/exim4

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf

1 /bin/cat 
1 /bin/chmod 
1 /bin/chown 
1 /bin/grep 
1 /bin/mv 
1 /bin/rm 
1 /bin/sed 
1 /bin/tempfile 
1 /bin/touch 
6 /dev/console 
2 /dev/null 
6 /dev/tty 
4 /etc/exim4/update-exim4.conf.conf 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
6 /tmp/sh-thd-\$ 
1 /usr/bin/dirname 
1 /usr/bin/getopt 
1 /usr/bin/head 
1 /usr/bin/id 
1 /usr/sbin/exim4 
4 /usr/sbin/update-exim4.conf 
2 /var/lib/exim4/config.autogenerated.tmp 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf /bin/cat

4 /etc/exim4/exim4.conf.template 
4 /etc/mailname 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf /bin/chmod

allow_capability SYS_CHMOD

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf /bin/chown

4 /etc/group 
4 /etc/nsswitch.conf 
4 /etc/passwd 
allow_capability SYS_CHOWN

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf /bin/grep


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf /bin/mv

4 /lib/libacl.so.1.1.0 
4 /lib/libattr.so.1.1.0 
2 /var/lib/exim4/config.autogenerated 
2 /var/lib/exim4/config.autogenerated.tmp 
allow_capability SYS_IOCTL
allow_capability SYS_RENAME

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf /bin/rm

2 /tmp/ex4\?\?\?\?\?\? 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf /bin/sed


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf /bin/tempfile

6 /tmp/ex4\?\?\?\?\?\? 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf /bin/touch

2 /var/lib/exim4/config.autogenerated.tmp 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf /usr/bin/dirname


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf /usr/bin/getopt


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf /usr/bin/head


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/exim4 /usr/sbin/update-exim4.conf /usr/bin/id


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/hotplug-net

1 /bin/rm 
6 /dev/console 
6 /dev/tty 
4 /etc/init.d/hotplug-net 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/hotplug-net /bin/rm

2 /etc/hotplug/.run/net.enable 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/ifupdown

6 /dev/console 
6 /dev/tty 
4 /etc/default/ifupdown 
4 /etc/init.d/ifupdown 
1 /etc/init.d/ifupdown-clean 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/ifupdown /etc/init.d/ifupdown-clean

1 /bin/rm 
6 /dev/console 
6 /dev/tty 
4 /etc/default/ifupdown 
4 /etc/init.d/ifupdown-clean 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/ifupdown /etc/init.d/ifupdown-clean /bin/rm

2 /etc/network/run/ifstate 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/inetd

1 /bin/grep 
6 /dev/console 
2 /dev/null 
6 /dev/tty 
4 /etc/init.d/inetd 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/inetd /bin/grep

4 /etc/inetd.conf 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/inetd /sbin/start-stop-daemon

1 /usr/sbin/inetd 
4 /var/run/inetd.pid 
allow_capability SYS_KILL
allow_signal 15 <kernel> /sbin/init /etc/init.d/rc /etc/init.d/inetd /sbin/start-stop-daemon /usr/sbin/inetd
allow_signal 15 <kernel> /usr/sbin/inetd

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/klogd

6 /dev/console 
6 /dev/tty 
4 /etc/init.d/klogd 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/klogd /sbin/start-stop-daemon

1 /sbin/klogd 
4 /var/run/klogd.pid 
allow_capability SYS_KILL
allow_signal 15 <kernel> /sbin/klogd

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/lpd

6 /dev/console 
6 /dev/tty 
4 /etc/default/lpd 
4 /etc/init.d/lpd 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/lpd /sbin/start-stop-daemon

1 /usr/sbin/lpd 
allow_capability SYS_KILL
allow_signal 15 <kernel> /sbin/init /etc/init.d/rc /etc/init.d/lpd /sbin/start-stop-daemon /usr/sbin/lpd
allow_signal 15 <kernel> /usr/sbin/lpd

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/makedev

6 /dev/console 
6 /dev/tty 
4 /etc/init.d/makedev 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/netatalk

1 /bin/grep 
1 /bin/hostname 
6 /dev/console 
6 /dev/tty 
4 /etc/default/netatalk 
4 /etc/init.d/netatalk 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
1 /usr/bin/nbprgstr 
1 /usr/sbin/afpd 
1 /usr/sbin/atalkd 
1 /usr/sbin/papd 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/netatalk /bin/grep

4 /etc/modules 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/netatalk /bin/hostname

4 /etc/host.conf 
4 /etc/hosts 
4 /etc/nsswitch.conf 
4 /etc/resolv.conf 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/netatalk /sbin/start-stop-daemon

allow_capability SYS_KILL
allow_signal 15 <kernel> /sbin/init /etc/init.d/rc /etc/init.d/netatalk /usr/sbin/afpd
allow_signal 15 <kernel> /sbin/init /etc/init.d/rc /etc/init.d/netatalk /usr/sbin/papd
allow_signal 15 <kernel> /usr/sbin/afpd
allow_signal 15 <kernel> /usr/sbin/papd

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/netatalk /usr/bin/nbprgstr

4 /usr/lib/gconv/gconv-modules 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/networking

1 /bin/grep 
1 /bin/sed 
6 /dev/console 
6 /dev/tty 
4 /etc/init.d/networking 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/ifdown 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/networking /bin/grep


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/networking /bin/sed

4 /proc/\$/mounts 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/networking /sbin/ifdown

1 /bin/bash 
4 /etc/network/interfaces 
6 /etc/network/run/ifstate 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/networking /sbin/ifdown /bin/bash

1 /bin/run-parts 
6 /dev/console 
6 /dev/tty 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/ifconfig 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/networking /sbin/ifdown /bin/bash /bin/run-parts


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/networking /sbin/ifdown /bin/bash /sbin/ifconfig

allow_capability SYS_IOCTL
allow_capability use_inet_udp

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/nfs-common

1 /bin/uname 
6 /dev/console 
6 /dev/tty 
4 /etc/default/nfs-common 
4 /etc/init.d/nfs-common 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/nfs-common /bin/uname


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/nfs-common /sbin/start-stop-daemon

4 /proc/\$/stat 
1 /sbin/rpc.statd 
allow_capability SYS_KILL
allow_signal 15 <kernel> /sbin/rpc.statd

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/nfs-kernel-server

1 /bin/grep 
6 /dev/console 
6 /dev/tty 
4 /etc/default/nfs-kernel-server 
4 /etc/init.d/nfs-kernel-server 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
1 /usr/sbin/exportfs 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/nfs-kernel-server /bin/grep

4 /etc/exports 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/nfs-kernel-server /sbin/start-stop-daemon

4 /proc/\$/stat 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/nfs-kernel-server /usr/sbin/exportfs

4 /proc/fs/nfs/exports 
6 /var/lib/nfs/etab 
6 /var/lib/nfs/etab.tmp 
6 /var/lib/nfs/xtab 
6 /var/lib/nfs/xtab.tmp 
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/portmap

1 /bin/sleep 
6 /dev/console 
6 /dev/tty 
4 /etc/default/portmap 
4 /etc/init.d/portmap 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/portmap /bin/sleep

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/portmap /sbin/start-stop-daemon


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/ppp

6 /dev/console 
6 /dev/tty 
4 /etc/init.d/ppp 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/reboot

6 /dev/console 
6 /dev/tty 
4 /etc/init.d/reboot 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /root/ccstools/savepolicy 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/reboot /root/ccstools/savepolicy

4 /proc/ccs/policy/domain_policy 
2 /root/security/domain_policy.\* 
allow_capability SYS_MOUNT

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/rmnologin

1 /bin/rm 
6 /dev/console 
6 /dev/tty 
4 /etc/default/rcS 
4 /etc/init.d/rmnologin 
4 /etc/nsswitch.conf 
4 /etc/passwd 
1 /lib/init/readlink 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/rmnologin /bin/rm

2 /etc/nologin 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/rmnologin /lib/init/readlink


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/samba

1 /bin/cat 
1 /bin/ps 
1 /bin/rm 
1 /bin/sleep 
6 /dev/console 
2 /dev/null 
6 /dev/tty 
4 /etc/default/samba 
4 /etc/init.d/samba 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/samba /bin/cat

4 /var/run/samba/nmbd.pid 
4 /var/run/samba/smbd.pid 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/samba /bin/ps

4 /lib/libproc.so.3.2.1 
4 /proc/\$/cmdline 
4 /proc/\$/mounts 
4 /proc/\$/stat 
4 /proc/\$/status 
4 /proc/stat 
4 /proc/uptime 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/samba /bin/rm

2 /var/run/samba/nmbd.pid 
2 /var/run/samba/smbd.pid 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/samba /bin/sleep

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/samba /sbin/start-stop-daemon

1 /usr/sbin/nmbd 
1 /usr/sbin/smbd 
4 /var/run/samba/nmbd.pid 
4 /var/run/samba/smbd.pid 
allow_capability SYS_KILL
allow_signal 15 <kernel> /usr/sbin/nmbd
allow_signal 15 <kernel> /usr/sbin/smbd

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/sendsigs

1 /bin/sleep 
6 /dev/console 
6 /dev/tty 
4 /etc/init.d/sendsigs 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/killall5 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/sendsigs /bin/sleep

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/sendsigs /sbin/killall5

4 /proc/\$/cmdline 
4 /proc/\$/stat 
allow_capability SYS_KILL
allow_signal 15 <kernel> /sbin/init
allow_signal 9 <kernel> /sbin/init
allow_signal 15 <kernel> /sbin/portmap

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/ssh

1 /bin/grep 
6 /dev/console 
2 /dev/null 
6 /dev/tty 
4 /etc/default/ssh 
4 /etc/init.d/ssh 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
1 /usr/sbin/sshd 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/ssh /bin/grep


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/ssh /sbin/start-stop-daemon

1 /usr/sbin/sshd 
4 /var/run/sshd.pid 
allow_capability SYS_KILL
allow_signal 15 <kernel> /usr/sbin/sshd

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/sysklogd

1 /bin/chmod 
1 /bin/chown 
6 /dev/console 
6 /dev/tty 
4 /etc/init.d/sysklogd 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/sysklogd /bin/chmod

allow_capability SYS_CHMOD

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/sysklogd /bin/chown

4 /etc/group 
4 /etc/nsswitch.conf 
4 /etc/passwd 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/sysklogd /sbin/start-stop-daemon

1 /sbin/syslogd 
4 /var/run/syslogd.pid 
allow_capability SYS_KILL
allow_signal 15 <kernel> /sbin/syslogd

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/umountfs

1 /bin/mount 
1 /bin/umount 
6 /dev/console 
6 /dev/tty 
4 /etc/init.d/umountfs 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/swapon 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/umountfs /bin/mount

6 /dev/null 
4 /etc/blkid.tab 
4 /etc/fstab 
4 /lib/libblkid.so.1.0 
4 /lib/libuuid.so.1.2 
allow_capability SYS_MOUNT

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/umountfs /bin/umount

4 /lib/libblkid.so.1.0 
4 /lib/libuuid.so.1.2 
4 /proc/\$/mounts 
allow_capability SYS_UMOUNT

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/umountfs /sbin/swapon

4 /etc/blkid.tab 
4 /etc/fstab 
4 /lib/libblkid.so.1.0 
4 /lib/libuuid.so.1.2 
4 /proc/swaps 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/urandom

1 /bin/cat 
1 /bin/dd 
6 /dev/console 
2 /dev/null 
6 /dev/tty 
4 /etc/default/rcS 
4 /etc/init.d/urandom 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/urandom /bin/cat

4 /proc/sys/kernel/random/poolsize 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/urandom /bin/dd

4 /dev/urandom 
2 /var/lib/urandom/random-seed 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools

1 /bin/cat 
1 /bin/grep 
1 /bin/rm 
1 /bin/sleep 
1 /bin/uname 
6 /dev/console 
2 /dev/null 
6 /dev/tty 
4 /etc/init.d/vmware-tools 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /etc/vmware-tools/locations 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/vmware-config-tools.pl 
1 /usr/sbin/vmware-checkvm 
1 /usr/sbin/vmware-guestd 
allow_capability SYS_IOCTL
allow_capability SYS_KILL
allow_signal 15 <kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools /usr/sbin/vmware-guestd

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools /bin/cat

4 /proc/bus/pci/devices 
4 /var/run/vmware-guestd.pid 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools /bin/grep


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools /bin/rm

2 /var/run/vmware-guestd.pid 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools /bin/sleep

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools /bin/uname


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools /usr/bin/vmware-config-tools.pl

1 /bin/bash 
4 /dev/urandom 
6 /etc/vmware-tools/locations 
4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
4 /usr/bin/vmware-config-tools.pl 
4 /usr/share/perl/5.8.4/strict.pm 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools /usr/bin/vmware-config-tools.pl /bin/bash

1 /bin/grep 
1 /bin/uname 
6 /dev/console 
2 /dev/null 
6 /dev/tty 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/sbin/vmware-checkvm 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools /usr/bin/vmware-config-tools.pl /bin/bash /bin/grep

4 /proc/ksyms 

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools /usr/bin/vmware-config-tools.pl /bin/bash /bin/uname


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools /usr/bin/vmware-config-tools.pl /bin/bash /usr/sbin/vmware-checkvm


<kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools /usr/sbin/vmware-checkvm

allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rc /etc/init.d/vmware-tools /usr/sbin/vmware-guestd

6 /var/run/vmware-guestd.pid 
allow_capability SYS_IOCTL
allow_capability inet_tcp_create
allow_capability use_inet_udp

<kernel> /sbin/init /etc/init.d/rcS

1 /bin/chgrp 
1 /bin/chmod 
1 /bin/chown 
1 /bin/date 
1 /bin/dmesg 
1 /bin/egrep 
1 /bin/fgconsole 
1 /bin/grep 
1 /bin/hostname 
1 /bin/loadkeys 
1 /bin/mount 
1 /bin/mountpoint 
1 /bin/mv 
1 /bin/readlink 
1 /bin/rm 
1 /bin/sed 
1 /bin/uname 
2 /dev/null 
6 /dev/tty 
4 /dev/tty\$ 
4 /etc/console-tools/config 
4 /etc/default/initrd-tools.sh 
4 /etc/default/rcS 
4 /etc/fstab 
4 /etc/init.d/bootclean.sh 
1 /etc/init.d/bootlogd 
4 /etc/init.d/bootmisc.sh 
4 /etc/init.d/checkfs.sh 
4 /etc/init.d/checkroot.sh 
4 /etc/init.d/console-screen.sh 
1 /etc/init.d/discover 
1 /etc/init.d/dns-clean 
4 /etc/init.d/hostname.sh 
1 /etc/init.d/hotplug 
1 /etc/init.d/hotplug-net 
4 /etc/init.d/hwclock.sh 
4 /etc/init.d/hwclockfirst.sh 
1 /etc/init.d/ifupdown 
1 /etc/init.d/ifupdown-clean 
4 /etc/init.d/initrd-tools.sh 
4 /etc/init.d/keymap.sh 
1 /etc/init.d/module-init-tools 
1 /etc/init.d/modutils 
4 /etc/init.d/mountall.sh 
4 /etc/init.d/mountnfs.sh 
1 /etc/init.d/mountvirtfs 
1 /etc/init.d/networking 
1 /etc/init.d/nviboot 
1 /etc/init.d/portmap 
1 /etc/init.d/pppd-dns 
4 /etc/init.d/procps.sh 
4 /etc/init.d/rcS 
1 /etc/init.d/urandom 
1 /etc/init.d/xfree86-common 
2 /etc/motd.tmp 
2 /etc/nologin 
4 /etc/nsswitch.conf 
4 /etc/passwd 
1 /lib/init/readlink 
4 /lib/libncurses.so.5.4 
1 /sbin/fsck 
1 /sbin/hwclock 
1 /sbin/swapon 
1 /sbin/sysctl 
2 /tmp/.clean 
1 /usr/bin/cut 
1 /usr/bin/dumpkeys 
1 /usr/bin/find 
1 /usr/bin/locale 
1 /usr/bin/setterm 
1 /usr/bin/tail 
1 /usr/bin/tr 
1 /usr/bin/unicode_stop 
1 /usr/bin/xargs 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
2 /var/lock/.clean 
2 /var/log/dmesg 
2 /var/run/.clean 
2 /var/run/utmp 
allow_capability SYS_IOCTL
allow_capability SYS_KILL
allow_signal 10 <kernel> /sbin/init

<kernel> /sbin/init /etc/init.d/rcS /bin/chgrp

4 /etc/group 
4 /etc/nsswitch.conf 

<kernel> /sbin/init /etc/init.d/rcS /bin/chmod

allow_capability SYS_CHMOD

<kernel> /sbin/init /etc/init.d/rcS /bin/chown

4 /etc/group 
4 /etc/nsswitch.conf 
4 /etc/passwd 

<kernel> /sbin/init /etc/init.d/rcS /bin/date

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
4 /usr/share/zoneinfo/Asia/Tokyo 

<kernel> /sbin/init /etc/init.d/rcS /bin/dmesg


<kernel> /sbin/init /etc/init.d/rcS /bin/egrep

4 /bin/egrep 
1 /bin/grep 
6 /dev/tty 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /bin/egrep /bin/grep

4 /etc/environment 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /bin/fgconsole

4 /dev/console 
4 /lib/libconsole.so.0.0.0 
4 /lib/libctutils.so.0.0.0 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /bin/grep

4 /etc/group 
4 /etc/sysctl.conf 
4 /proc/\$/mounts 
4 /proc/cmdline 

<kernel> /sbin/init /etc/init.d/rcS /bin/hostname

4 /etc/hostname 
allow_capability SYS_SETHOSTNAME

<kernel> /sbin/init /etc/init.d/rcS /bin/loadkeys

1 /bin/gunzip 
6 /dev/tty 
4 /etc/console/boottime.kmap.gz 
4 /lib/libcfont.so.0.0.0 
4 /lib/libconsole.so.0.0.0 
4 /lib/libctutils.so.0.0.0 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /bin/loadkeys /bin/gunzip

allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /bin/mount

6 /dev/null 
4 /etc/blkid.tab 
4 /etc/fstab 
4 /lib/libblkid.so.1.0 
4 /lib/libuuid.so.1.2 
4 /proc/\$/mounts 
allow_capability SYS_MOUNT

<kernel> /sbin/init /etc/init.d/rcS /bin/mountpoint


<kernel> /sbin/init /etc/init.d/rcS /bin/mv

2 /etc/motd 
2 /etc/motd.tmp 
4 /lib/libacl.so.1.1.0 
4 /lib/libattr.so.1.1.0 
allow_capability SYS_IOCTL
allow_capability SYS_RENAME

<kernel> /sbin/init /etc/init.d/rcS /bin/readlink


<kernel> /sbin/init /etc/init.d/rcS /bin/rm

2 /tmp/.clean 
2 /var/lock/.clean 
2 /var/run/.clean 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rcS /bin/sed

4 /etc/console-tools/remap 
4 /etc/motd 

<kernel> /sbin/init /etc/init.d/rcS /bin/uname


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/bootlogd

6 /dev/tty 
4 /etc/default/bootlogd 
4 /etc/init.d/bootlogd 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/discover

1 /bin/cat 
1 /bin/grep 
1 /bin/run-parts 
1 /bin/sed 
1 /bin/uname 
2 /dev/null 
6 /dev/tty 
4 /etc/default/discover 
4 /etc/discover.conf 
4 /etc/init.d/discover 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/discover 
1 /sbin/modprobe 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/discover /bin/cat


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/discover /bin/grep

4 /etc/modules.conf 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/discover /bin/run-parts


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/discover /bin/sed

4 /proc/modules 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/discover /bin/uname


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/discover /sbin/discover

4 /dev/sda 
4 /proc/bus/pci/00/00.0 
4 /proc/bus/pci/00/01.0 
4 /proc/bus/pci/00/07.0 
4 /proc/bus/pci/00/07.1 
4 /proc/bus/pci/00/07.2 
4 /proc/bus/pci/00/07.3 
4 /proc/bus/pci/00/0f.0 
4 /proc/bus/pci/00/10.0 
4 /proc/bus/pci/00/11.0 
4 /proc/bus/pci/00/12.0 
4 /proc/bus/pci/devices 
4 /proc/devices 
4 /proc/ide/ide1/hdc/driver 
4 /proc/ide/ide1/hdc/media 
4 /proc/ide/ide1/hdc/model 
4 /proc/scsi/scsi 
4 /usr/lib/libdiscover.so.1.0.0 
4 /usr/share/discover/pci.lst 
4 /usr/share/discover/pcmcia.lst 
4 /usr/share/discover/usb.lst 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/dns-clean

1 /bin/echo 
6 /dev/tty 
4 /etc/init.d/dns-clean 
4 /etc/nsswitch.conf 
4 /etc/passwd 
1 /etc/ppp/ip-down.d/0dns-down 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/dns-clean /bin/echo

allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/dns-clean /etc/ppp/ip-down.d/0dns-down

1 /bin/ls 
2 /dev/null 
6 /dev/tty 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /etc/ppp/ip-down.d/0dns-down 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/cut 
1 /usr/bin/mawk 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/dns-clean /etc/ppp/ip-down.d/0dns-down /bin/ls

4 /lib/libacl.so.1.1.0 
4 /lib/libattr.so.1.1.0 
4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/dns-clean /etc/ppp/ip-down.d/0dns-down /usr/bin/cut


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/dns-clean /etc/ppp/ip-down.d/0dns-down /usr/bin/mawk

allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug

6 /dev/tty 
4 /etc/default/hotplug 
1 /etc/hotplug/ide.rc 
1 /etc/hotplug/input.rc 
1 /etc/hotplug/isapnp.rc 
1 /etc/hotplug/pci.rc 
1 /etc/hotplug/scsi.rc 
1 /etc/hotplug/usb.rc 
4 /etc/init.d/hotplug 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/ide.rc

6 /dev/tty 
4 /etc/hotplug/ide.rc 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/input.rc

1 /bin/uname 
6 /dev/tty 
4 /etc/default/hotplug 
4 /etc/hotplug/hotplug.functions 
4 /etc/hotplug/input.rc 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/input.rc /bin/uname


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/isapnp.rc

6 /dev/tty 
4 /etc/hotplug/isapnp.rc 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/pci.rc

1 /bin/uname 
6 /dev/tty 
4 /etc/default/hotplug 
4 /etc/hotplug/hotplug.functions 
1 /etc/hotplug/pci.agent 
4 /etc/hotplug/pci.rc 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/which 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/pci.rc /bin/uname


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/pci.rc /etc/hotplug/pci.agent

1 /bin/sed 
1 /bin/uname 
6 /dev/tty 
4 /etc/default/hotplug 
4 /etc/hotplug/hotplug.functions 
4 /etc/hotplug/pci.agent 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /lib/modules/2.4.32-ccs/modules.pcimap 
4 /proc/\$/mounts 
1 /usr/bin/pcimodules 
1 /usr/bin/which 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/pci.rc /etc/hotplug/pci.agent /bin/sed


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/pci.rc /etc/hotplug/pci.agent /bin/uname


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/pci.rc /etc/hotplug/pci.agent /usr/bin/pcimodules

4 /lib/modules/2.4.32-ccs/modules.pcimap 
4 /proc/bus/pci/00/00.0 
4 /proc/bus/pci/00/01.0 
4 /proc/bus/pci/00/07.0 
4 /proc/bus/pci/00/07.1 
4 /proc/bus/pci/00/07.2 
4 /proc/bus/pci/00/07.3 
4 /proc/bus/pci/00/0f.0 
4 /proc/bus/pci/00/10.0 
4 /proc/bus/pci/00/11.0 
4 /proc/bus/pci/00/12.0 
4 /proc/bus/pci/devices 
4 /usr/lib/libpci.so.2 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/pci.rc /etc/hotplug/pci.agent /usr/bin/which

6 /dev/tty 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
4 /usr/bin/which 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/pci.rc /usr/bin/which

6 /dev/tty 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
4 /usr/bin/which 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/scsi.rc

6 /dev/tty 
4 /etc/hotplug/scsi.rc 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/usb.rc

1 /bin/grep 
1 /bin/sed 
1 /bin/uname 
2 /dev/null 
6 /dev/tty 
4 /etc/default/hotplug 
4 /etc/hotplug/hotplug.functions 
4 /etc/hotplug/usb.rc 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/modprobe 
1 /sbin/rmmod 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/usb.rc /bin/grep

4 /etc/hotplug/blacklist 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/usb.rc /bin/sed


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/usb.rc /bin/uname


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/usb.rc /sbin/rmmod

1 /sbin/insmod.modutils 
allow_capability use_kernel_module

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug /etc/hotplug/usb.rc /sbin/rmmod /sbin/insmod.modutils

allow_capability use_kernel_module

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/hotplug-net

6 /dev/tty 
2 /etc/hotplug/.run/net.enable 
4 /etc/init.d/hotplug-net 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/ifupdown

6 /dev/tty 
4 /etc/default/ifupdown 
4 /etc/init.d/ifupdown 
2 /etc/network/run/ifstate 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/ifupdown-clean

6 /dev/tty 
4 /etc/default/ifupdown 
4 /etc/init.d/ifupdown-clean 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/module-init-tools

6 /dev/tty 
4 /etc/init.d/module-init-tools 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/modutils

1 /bin/cat 
1 /bin/touch 
1 /bin/uname 
2 /dev/null 
6 /dev/tty 
4 /etc/init.d/modutils 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/depmod 
1 /sbin/modprobe 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/modutils /bin/cat

4 /etc/modules 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/modutils /bin/touch

2 /lib/modules/2.4.32-ccs/modules.dep 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/modutils /bin/uname


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/modutils /sbin/depmod

1 /sbin/depmod.modutils 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/modutils /sbin/depmod /sbin/depmod.modutils

4 /etc/modules.conf 
4 /lib/modules/2.4.32-ccs/kernel/drivers/net/dummy.o 
4 /lib/modules/2.4.32-ccs/kernel/fs/smbfs/smbfs.o 
2 /lib/modules/2.4.32-ccs/modules.dep 
2 /lib/modules/2.4.32-ccs/modules.generic_string 
2 /lib/modules/2.4.32-ccs/modules.ieee1394map 
2 /lib/modules/2.4.32-ccs/modules.isapnpmap 
2 /lib/modules/2.4.32-ccs/modules.parportmap 
2 /lib/modules/2.4.32-ccs/modules.pcimap 
2 /lib/modules/2.4.32-ccs/modules.pnpbiosmap 
2 /lib/modules/2.4.32-ccs/modules.usbmap 
4 /proc/\$/mounts 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/mountvirtfs

1 /bin/grep 
1 /bin/mount 
1 /bin/mountpoint 
1 /bin/touch 
1 /bin/uname 
2 /dev/null 
6 /dev/tty 
4 /etc/default/devpts 
4 /etc/default/tmpfs 
4 /etc/fstab 
4 /etc/init.d/mountvirtfs 
4 /etc/nsswitch.conf 
4 /etc/passwd 
1 /lib/init/readlink 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/mountvirtfs /bin/grep

4 /proc/\$/mounts 
4 /proc/filesystems 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/mountvirtfs /bin/mount

6 /dev/null 
4 /etc/blkid.tab 
4 /lib/libblkid.so.1.0 
4 /lib/libuuid.so.1.2 
allow_capability SYS_MOUNT

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/mountvirtfs /bin/mountpoint


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/mountvirtfs /bin/touch


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/mountvirtfs /bin/uname


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/mountvirtfs /lib/init/readlink


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/networking

1 /bin/grep 
6 /dev/tty 
4 /etc/init.d/networking 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
2 /proc/sys/net/ipv4/conf/all/rp_filter 
2 /proc/sys/net/ipv4/conf/default/rp_filter 
1 /sbin/ifup 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/networking /bin/grep

4 /etc/network/options 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/networking /sbin/ifup

1 /bin/bash 
4 /etc/network/interfaces 
6 /etc/network/run/ifstate 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/networking /sbin/ifup /bin/bash

1 /bin/run-parts 
6 /dev/tty 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/ifconfig 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/networking /sbin/ifup /bin/bash /bin/run-parts


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/networking /sbin/ifup /bin/bash /sbin/ifconfig

allow_capability SYS_IOCTL
allow_capability use_inet_udp

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/nviboot

6 /dev/tty 
4 /etc/init.d/nviboot 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/portmap

1 /bin/sleep 
6 /dev/tty 
4 /etc/default/portmap 
4 /etc/init.d/portmap 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/portmap /bin/sleep

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/portmap /sbin/start-stop-daemon

1 /sbin/portmap 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/pppd-dns

6 /dev/tty 
4 /etc/init.d/pppd-dns 
4 /etc/nsswitch.conf 
4 /etc/passwd 
1 /etc/ppp/ip-down.d/0000usepeerdns 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/pppd-dns /etc/ppp/ip-down.d/0000usepeerdns

1 /bin/readlink 
6 /dev/tty 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /etc/ppp/ip-down.d/0000usepeerdns 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/pppd-dns /etc/ppp/ip-down.d/0000usepeerdns /bin/readlink


<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/urandom

1 /bin/cat 
1 /bin/dd 
1 /bin/rm 
2 /dev/null 
6 /dev/tty 
2 /dev/urandom 
4 /etc/default/rcS 
4 /etc/init.d/urandom 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/urandom /bin/cat

4 /proc/sys/kernel/random/poolsize 
4 /var/lib/urandom/random-seed 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/urandom /bin/dd

4 /dev/urandom 
2 /var/lib/urandom/random-seed 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/urandom /bin/rm

2 /var/lib/urandom/random-seed 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/xfree86-common

1 /bin/chmod 
1 /bin/chown 
1 /bin/mkdir 
2 /dev/null 
6 /dev/tty 
4 /etc/init.d/xfree86-common 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/which 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/xfree86-common /bin/chmod

allow_capability SYS_CHMOD

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/xfree86-common /bin/chown

4 /etc/group 
4 /etc/nsswitch.conf 
4 /etc/passwd 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/xfree86-common /bin/mkdir

7 /tmp/.ICE-unix/ 
7 /tmp/.X11-unix/ 

<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/xfree86-common /usr/bin/which

6 /dev/tty 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
4 /usr/bin/which 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /lib/init/readlink


<kernel> /sbin/init /etc/init.d/rcS /sbin/fsck

4 /etc/blkid.tab 
4 /etc/fstab 
4 /lib/libblkid.so.1.0 
4 /lib/libuuid.so.1.2 
1 /sbin/fsck.ext3 

<kernel> /sbin/init /etc/init.d/rcS /sbin/fsck /sbin/fsck.ext3

6 /dev/null 
6 /dev/sda1 
6 /dev/sda5 
6 /dev/sda6 
6 /dev/sda8 
6 /dev/sda9 
4 /etc/blkid.tab 
4 /lib/libblkid.so.1.0 
4 /lib/libcom_err.so.2.1 
4 /lib/libext2fs.so.2.4 
4 /lib/libuuid.so.1.2 
4 /proc/\$/mounts 
4 /proc/swaps 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rcS /sbin/hwclock

4 /dev/rtc 
4 /usr/share/zoneinfo/Asia/Tokyo 
allow_capability SYS_TIME

<kernel> /sbin/init /etc/init.d/rcS /sbin/swapon

4 /etc/blkid.tab 
4 /etc/fstab 
4 /lib/libblkid.so.1.0 
4 /lib/libuuid.so.1.2 
4 /proc/swaps 

<kernel> /sbin/init /etc/init.d/rcS /sbin/sysctl

4 /etc/sysctl.conf 
4 /lib/libproc.so.3.2.1 
4 /proc/\$/mounts 
4 /proc/stat 

<kernel> /sbin/init /etc/init.d/rcS /usr/bin/cut


<kernel> /sbin/init /etc/init.d/rcS /usr/bin/dumpkeys

6 /dev/tty 
4 /lib/libconsole.so.0.0.0 
4 /lib/libctutils.so.0.0.0 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /usr/bin/find

1 /bin/rm 
1 /bin/rmdir 

<kernel> /sbin/init /etc/init.d/rcS /usr/bin/find /bin/rm

2 /var/run/crond.pid 
2 /var/run/crond.reboot 
2 /var/run/rpc.statd.pid 
2 /var/run/samba/brlock.tdb 
2 /var/run/samba/connections.tdb 
2 /var/run/samba/gencache.tdb 
2 /var/run/samba/locking.tdb 
2 /var/run/samba/messages.tdb 
2 /var/run/samba/sessionid.tdb 
2 /var/run/samba/unexpected.tdb 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /sbin/init /etc/init.d/rcS /usr/bin/find /bin/rmdir

7 /tmp/.ICE-unix/ 
7 /tmp/.X11-unix/ 

<kernel> /sbin/init /etc/init.d/rcS /usr/bin/locale


<kernel> /sbin/init /etc/init.d/rcS /usr/bin/setterm

4 /etc/terminfo/l/linux 
4 /lib/libncurses.so.5.4 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /usr/bin/tail

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 

<kernel> /sbin/init /etc/init.d/rcS /usr/bin/tr


<kernel> /sbin/init /etc/init.d/rcS /usr/bin/unicode_stop

1 /bin/grep 
1 /bin/readlink 
6 /dev/tty 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
4 /usr/bin/unicode_stop 
1 /usr/bin/vt-is-UTF8 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /usr/bin/unicode_stop /bin/grep


<kernel> /sbin/init /etc/init.d/rcS /usr/bin/unicode_stop /bin/readlink


<kernel> /sbin/init /etc/init.d/rcS /usr/bin/unicode_stop /usr/bin/vt-is-UTF8

6 /dev/tty 
4 /lib/libconsole.so.0.0.0 
4 /lib/libctutils.so.0.0.0 
allow_capability SYS_IOCTL

<kernel> /sbin/init /etc/init.d/rcS /usr/bin/xargs


<kernel> /sbin/klogd

4 /boot/System.map-2.4.32-ccs 
4 /proc/kmsg 
4 /usr/share/zoneinfo/Asia/Tokyo 
6 /var/run/klogd.pid 
allow_capability SYS_UNLINK

<kernel> /sbin/modprobe

1 /sbin/insmod.modutils 
allow_capability use_kernel_module

<kernel> /sbin/modprobe /sbin/insmod.modutils

4 /etc/modules.conf 
4 /lib/modules/2.4.32-ccs/modules.dep 
4 /proc/\$/mounts 
4 /usr/share/zoneinfo/Asia/Tokyo 
2 /var/log/ksymoops/\* 

<kernel> /sbin/portmap

6 /dev/null 
4 /lib/libwrap.so.0.7.6 
allow_capability SYS_IOCTL
allow_capability inet_tcp_create
allow_capability inet_tcp_listen
allow_capability use_inet_udp
allow_bind TCP/0
allow_bind TCP/1009
allow_bind TCP/111
allow_bind UDP/0
allow_bind UDP/1008
allow_bind UDP/111
allow_connect UDP/796
allow_connect UDP/797
allow_connect UDP/800
allow_connect UDP/803
allow_connect UDP/804

<kernel> /sbin/rpc.statd

6 /dev/null 
4 /etc/host.conf 
4 /etc/hosts 
4 /etc/nsswitch.conf 
4 /etc/resolv.conf 
4 /etc/rpc 
4 /etc/services 
4 /lib/libnss_db-2.2.so 
4 /lib/libwrap.so.0.7.6 
4 /usr/lib/libdb3.so.3.0.2 
4 /usr/share/zoneinfo/Asia/Tokyo 
6 /var/lib/nfs/state 
2 /var/run/rpc.statd.pid 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK
allow_capability inet_tcp_create
allow_capability inet_tcp_listen
allow_capability use_inet_udp
allow_bind TCP/0
allow_bind TCP/801
allow_bind TCP/802
allow_bind UDP/0
allow_bind UDP/795
allow_bind UDP/796
allow_bind UDP/797
allow_bind UDP/798
allow_bind UDP/799
allow_bind UDP/800
allow_bind UDP/803
allow_bind UDP/804
allow_connect UDP/111

<kernel> /sbin/syslogd

2 /dev/log 
6 /dev/xconsole 
4 /etc/host.conf 
4 /etc/hosts 
4 /etc/nsswitch.conf 
4 /etc/resolv.conf 
4 /etc/services 
4 /etc/syslog.conf 
4 /lib/libnss_db-2.2.so 
4 /usr/lib/libdb3.so.3.0.2 
4 /usr/share/zoneinfo/Asia/Tokyo 
2 /var/log/auth.log 
2 /var/log/daemon.log 
2 /var/log/debug 
2 /var/log/kern.log 
2 /var/log/lpr.log 
2 /var/log/mail.err 
2 /var/log/mail.info 
2 /var/log/mail.log 
2 /var/log/mail.warn 
2 /var/log/messages 
2 /var/log/news/news.crit 
2 /var/log/news/news.err 
2 /var/log/news/news.notice 
2 /var/log/syslog 
2 /var/log/user.log 
2 /var/log/uucp.log 
6 /var/run/syslogd.pid 
allow_capability SYS_CHMOD
allow_capability SYS_IOCTL
allow_capability SYS_KILL
allow_capability SYS_UNLINK
allow_capability create_unix_socket

<kernel> /usr/sbin/afpd

6 /dev/null 
6 /dev/tty 
4 /etc/host.conf 
4 /etc/hosts 
4 /etc/netatalk/afpd.conf 
4 /etc/nsswitch.conf 
4 /etc/resolv.conf 
4 /etc/services 
4 /lib/libnss_db-2.2.so 
4 /lib/libpam.so.0.76 
4 /lib/libwrap.so.0.7.6 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/libdb-4.2.so 
4 /usr/lib/libdb3.so.3.0.2 
4 /usr/lib/libslp.so.1.0.0 
4 /usr/lib/netatalk/uams_pam.so 
4 /usr/share/zoneinfo/Asia/Tokyo 
2 /var/run/afpd.pid 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK
allow_capability inet_tcp_connect
allow_capability inet_tcp_create
allow_capability inet_tcp_listen
allow_bind TCP/548
allow_connect TCP/427

<kernel> /usr/sbin/apache2

6 /dev/null 
4 /dev/random 
4 /etc/apache2/apache2.conf 
4 /etc/apache2/conf.d/apache2-doc 
4 /etc/apache2/httpd.conf 
4 /etc/apache2/mods-available/cgi.load 
4 /etc/apache2/mods-available/mod_python.load 
4 /etc/apache2/mods-available/perl.conf 
4 /etc/apache2/mods-available/perl.load 
4 /etc/apache2/mods-available/php4.conf 
4 /etc/apache2/mods-available/php4.load 
4 /etc/apache2/mods-available/userdir.conf 
4 /etc/apache2/mods-available/userdir.load 
4 /etc/apache2/ports.conf 
4 /etc/apache2/sites-available/default 
4 /etc/group 
4 /etc/host.conf 
4 /etc/hosts 
4 /etc/mime.types 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /etc/php4/apache2/php.ini 
4 /etc/protocols 
4 /etc/python2.3/site.py 
4 /etc/resolv.conf 
4 /lib/libcom_err.so.2.1 
4 /lib/libnss_db-2.2.so 
4 /lib/libpthread-0.10.so 
4 /proc/\$/mounts 
4 /proc/sys/kernel/version 
4 /usr/lib/apache2/modules/libphp4.so 
4 /usr/lib/apache2/modules/mod_cgi.so 
4 /usr/lib/apache2/modules/mod_perl.so 
4 /usr/lib/apache2/modules/mod_python.so 
4 /usr/lib/apache2/modules/mod_userdir.so 
4 /usr/lib/i686/cmov/libcrypto.so.0.9.7 
4 /usr/lib/i686/cmov/libssl.so.0.9.7 
4 /usr/lib/libapr-0.so.0.9.6 
4 /usr/lib/libaprutil-0.so.0.9.6 
4 /usr/lib/libbz2.so.1.0.2 
4 /usr/lib/libdb-4.2.so 
4 /usr/lib/libdb3.so.3.0.2 
4 /usr/lib/libexpat.so.1.0.0 
4 /usr/lib/libgcrypt.so.11.1.1 
4 /usr/lib/libgnutls.so.11.1.16 
4 /usr/lib/libgpg-error.so.0.1.3 
4 /usr/lib/libgssapi_krb5.so.2.2 
4 /usr/lib/libk5crypto.so.3.0 
4 /usr/lib/libkrb5.so.3.2 
4 /usr/lib/liblber.so.2.0.130 
4 /usr/lib/libldap_r.so.2.0.130 
4 /usr/lib/libpcre.so.3.10.0 
4 /usr/lib/libperl.so.5.8.4 
4 /usr/lib/libpython2.3.so.1.0 
4 /usr/lib/libsasl2.so.2.0.19 
4 /usr/lib/libtasn1.so.2.0.10 
4 /usr/lib/libz.so.1.2.2 
4 /usr/lib/libzzip-0.so.12.0.83 
4 /usr/lib/perl/5.8.4/Config.pm 
4 /usr/lib/perl/5.8.4/DynaLoader.pm 
4 /usr/lib/perl/5.8.4/re.pm 
4 /usr/lib/perl5/Apache2.pm 
4 /usr/lib/python2.3/UserDict.py 
4 /usr/lib/python2.3/UserDict.pyc 
4 /usr/lib/python2.3/bdb.py 
4 /usr/lib/python2.3/bdb.pyc 
4 /usr/lib/python2.3/cmd.py 
4 /usr/lib/python2.3/cmd.pyc 
4 /usr/lib/python2.3/codecs.py 
4 /usr/lib/python2.3/codecs.pyc 
4 /usr/lib/python2.3/copy_reg.py 
4 /usr/lib/python2.3/copy_reg.pyc 
4 /usr/lib/python2.3/encodings/__init__.py 
4 /usr/lib/python2.3/encodings/__init__.pyc 
4 /usr/lib/python2.3/encodings/aliases.py 
4 /usr/lib/python2.3/encodings/aliases.pyc 
4 /usr/lib/python2.3/encodings/ascii.py 
4 /usr/lib/python2.3/encodings/ascii.pyc 
4 /usr/lib/python2.3/lib-dynload/cStringIO.so 
4 /usr/lib/python2.3/lib-dynload/strop.so 
4 /usr/lib/python2.3/lib-dynload/syslog.so 
4 /usr/lib/python2.3/lib-dynload/time.so 
4 /usr/lib/python2.3/linecache.py 
4 /usr/lib/python2.3/linecache.pyc 
4 /usr/lib/python2.3/os.py 
4 /usr/lib/python2.3/os.pyc 
4 /usr/lib/python2.3/pdb.py 
4 /usr/lib/python2.3/pdb.pyc 
4 /usr/lib/python2.3/posixpath.py 
4 /usr/lib/python2.3/posixpath.pyc 
4 /usr/lib/python2.3/pprint.py 
4 /usr/lib/python2.3/pprint.pyc 
4 /usr/lib/python2.3/re.py 
4 /usr/lib/python2.3/re.pyc 
4 /usr/lib/python2.3/repr.py 
4 /usr/lib/python2.3/repr.pyc 
4 /usr/lib/python2.3/site-packages/mod_python/__init__.py 
4 /usr/lib/python2.3/site-packages/mod_python/__init__.pyc 
4 /usr/lib/python2.3/site-packages/mod_python/apache.py 
4 /usr/lib/python2.3/site-packages/mod_python/apache.pyc 
4 /usr/lib/python2.3/site.pyc 
4 /usr/lib/python2.3/sre.py 
4 /usr/lib/python2.3/sre.pyc 
4 /usr/lib/python2.3/sre_compile.py 
4 /usr/lib/python2.3/sre_compile.pyc 
4 /usr/lib/python2.3/sre_constants.py 
4 /usr/lib/python2.3/sre_constants.pyc 
4 /usr/lib/python2.3/sre_parse.py 
4 /usr/lib/python2.3/sre_parse.pyc 
4 /usr/lib/python2.3/stat.py 
4 /usr/lib/python2.3/stat.pyc 
4 /usr/lib/python2.3/string.py 
4 /usr/lib/python2.3/string.pyc 
4 /usr/lib/python2.3/traceback.py 
4 /usr/lib/python2.3/traceback.pyc 
4 /usr/lib/python2.3/types.py 
4 /usr/lib/python2.3/types.pyc 
4 /usr/lib/python2.3/warnings.py 
4 /usr/lib/python2.3/warnings.pyc 
4 /usr/share/misc/file/magic.mime 
4 /usr/share/perl/5.8.4/AutoLoader.pm 
4 /usr/share/perl/5.8.4/Carp.pm 
4 /usr/share/perl/5.8.4/Exporter.pm 
4 /usr/share/perl/5.8.4/File/Basename.pm 
4 /usr/share/perl/5.8.4/strict.pm 
4 /usr/share/perl/5.8.4/vars.pm 
4 /usr/share/perl/5.8.4/warnings.pm 
4 /usr/share/perl/5.8.4/warnings/register.pm 
4 /usr/share/zoneinfo/Asia/Tokyo 
2 /var/log/apache2/access.log 
2 /var/log/apache2/error.log 
6 /var/run/apache2.pid 
allow_capability SYS_IOCTL
allow_capability SYS_KILL
allow_capability SYS_UNLINK
allow_capability inet_tcp_create
allow_capability inet_tcp_listen
allow_bind TCP/0
allow_bind TCP/80
allow_signal 15 <kernel> /sbin/init /etc/init.d/rc /etc/init.d/apache2 /usr/bin/env /usr/sbin/apache2ctl /usr/sbin/apache2

<kernel> /usr/sbin/atalkd

4 /etc/netatalk/atalkd.conf 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/atd

6 /dev/null 
4 /etc/group 
4 /etc/nsswitch.conf 
4 /etc/passwd 
6 /var/run/atd.pid 
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron

1 /bin/bash 
1 /bin/cat 
1 /bin/chgrp 
1 /bin/chmod 
1 /bin/chown 
1 /bin/cp 
1 /bin/date 
1 /bin/df 
1 /bin/grep 
1 /bin/gzip 
1 /bin/ln 
1 /bin/ls 
1 /bin/mv 
1 /bin/rm 
1 /bin/run-parts 
1 /bin/sed 
1 /bin/su 
1 /bin/touch 
6 /dev/null 
6 /dev/tty 
4 /dev/urandom 
4 /etc/cron.d/php4 
5 /etc/cron.daily/bsdmainutils 
5 /etc/cron.daily/exim4-base 
5 /etc/cron.daily/find 
5 /etc/cron.daily/logrotate 
5 /etc/cron.daily/man-db 
5 /etc/cron.daily/modutils 
5 /etc/cron.daily/netkit-inetd 
5 /etc/cron.daily/samba 
5 /etc/cron.daily/standard 
5 /etc/cron.daily/sysklogd 
4 /etc/crontab 
4 /etc/environment 
4 /etc/group 
4 /etc/gshadow 
4 /etc/inetd.conf 
5 /etc/init.d/sysklogd 
4 /etc/login.defs 
4 /etc/logrotate.conf 
4 /etc/logrotate.d/apache2 
4 /etc/logrotate.d/aptitude 
4 /etc/logrotate.d/base-config 
4 /etc/logrotate.d/exim4-base 
4 /etc/logrotate.d/ppp 
4 /etc/logrotate.d/samba 
4 /etc/manpath.config 
4 /etc/nsswitch.conf 
4 /etc/pam.d/common-account 
4 /etc/pam.d/common-auth 
4 /etc/pam.d/common-password 
4 /etc/pam.d/common-session 
4 /etc/pam.d/cron 
4 /etc/pam.d/other 
4 /etc/pam.d/su 
4 /etc/passwd 
4 /etc/security/limits.conf 
4 /etc/security/pam_env.conf 
4 /etc/shadow 
4 /etc/syslog.conf 
4 /etc/updatedb.conf 
4 /lib/libacl.so.1.1.0 
4 /lib/libattr.so.1.1.0 
4 /lib/libcap.so.1.10 
4 /lib/libncurses.so.5.4 
4 /lib/libpam.so.0.76 
4 /lib/libpam_misc.so.0.76 
4 /lib/libpopt.so.0.0.0 
4 /lib/libpthread-0.10.so 
4 /lib/security/pam_env.so 
4 /lib/security/pam_limits.so 
4 /lib/security/pam_rootok.so 
4 /lib/security/pam_unix.so 
4 /proc/\$/cmdline 
4 /proc/\$/mounts 
4 /proc/ksyms 
4 /proc/modules 
4 /proc/sys/kernel/version 
5 /sbin/insmod_ksymoops_clean 
1 /sbin/start-stop-daemon 
6 /tmp/zman\?\?\?\?\?\? 
4 /usr/X11R6/man/man1/bdftopcf.1x.gz 
4 /usr/X11R6/man/man1/bdftruncate.1x.gz 
4 /usr/X11R6/man/man1/ccmakedep.1x.gz 
4 /usr/X11R6/man/man1/cleanlinks.1x.gz 
4 /usr/X11R6/man/man1/fslsfonts.1x.gz 
4 /usr/X11R6/man/man1/gccmakedep.1x.gz 
4 /usr/X11R6/man/man1/imake.1x.gz 
4 /usr/X11R6/man/man1/lndir.1x.gz 
4 /usr/X11R6/man/man1/luit.1x.gz 
4 /usr/X11R6/man/man1/makedepend.1x.gz 
4 /usr/X11R6/man/man1/makeg.1x.gz 
4 /usr/X11R6/man/man1/makepsres.1x.gz 
4 /usr/X11R6/man/man1/makestrs.1x.gz 
4 /usr/X11R6/man/man1/mergelib.1x.gz 
4 /usr/X11R6/man/man1/mkcfm.1x.gz 
4 /usr/X11R6/man/man1/mkdirhier.1x.gz 
4 /usr/X11R6/man/man1/mkfontdir.1x.gz 
4 /usr/X11R6/man/man1/mkhtmlindex.1x.gz 
4 /usr/X11R6/man/man1/pcitweak.1x.gz 
4 /usr/X11R6/man/man1/pswrap.1x.gz 
4 /usr/X11R6/man/man1/resize.1x.gz 
4 /usr/X11R6/man/man1/revpath.1x.gz 
4 /usr/X11R6/man/man1/rstart.1x.gz 
4 /usr/X11R6/man/man1/rstartd.1x.gz 
4 /usr/X11R6/man/man1/scanpci.1x.gz 
4 /usr/X11R6/man/man1/sessreg.1x.gz 
4 /usr/X11R6/man/man1/showfont.1x.gz 
4 /usr/X11R6/man/man1/showrgb.1x.gz 
4 /usr/X11R6/man/man1/ucs2any.1x.gz 
4 /usr/X11R6/man/man1/xfsinfo.1x.gz 
4 /usr/X11R6/man/man1/xmkmf.1x.gz 
4 /usr/X11R6/man/man1/xon.1x.gz 
4 /usr/X11R6/man/man7/X.7x.gz 
4 /usr/X11R6/man/man7/X.Org.7x.gz 
4 /usr/X11R6/man/man7/XConsortium.7x.gz 
4 /usr/X11R6/man/man7/XProjectTeam.7x.gz 
4 /usr/X11R6/man/man7/XStandards.7x.gz 
4 /usr/X11R6/man/man7/Xsecurity.7x.gz 
1 /usr/bin/basename 
1 /usr/bin/cmp 
1 /usr/bin/dirname 
1 /usr/bin/find 
1 /usr/bin/getent 
1 /usr/bin/head 
1 /usr/bin/mawk 
1 /usr/bin/nice 
5 /usr/bin/savelog 
1 /usr/bin/sort 
1 /usr/bin/tr 
5 /usr/bin/updatedb 
1 /usr/bin/xargs 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
4 /usr/lib/libgdbm.so.3.0.0 
1 /usr/lib/locate/frcode 
1 /usr/lib/man-db/mandb 
4 /usr/lib/perl/5.8.4/POSIX.pm 
4 /usr/lib/perl/5.8.4/XSLoader.pm 
4 /usr/lib/perl/5.8.4/auto/POSIX/POSIX.so 
4 /usr/lib/perl/5.8.4/auto/POSIX/autosplit.ix 
4 /usr/lib/perl/5.8.4/auto/POSIX/load_imports.al 
5 /usr/sbin/dpkg-statoverride 
1 /usr/sbin/logrotate 
5 /usr/sbin/syslogd-listfiles 
4 /usr/share/locale/ja/LC_MESSAGES/grep.mo 
4 /usr/share/man/\*/\* 
4 /usr/share/perl/5.8.4/AutoLoader.pm 
4 /usr/share/perl/5.8.4/Exporter.pm 
4 /usr/share/perl/5.8.4/Exporter/Heavy.pm 
4 /usr/share/perl/5.8.4/strict.pm 
4 /usr/share/zoneinfo/Asia/Tokyo 
2 /var/backups/dpkg.status 
2 /var/backups/dpkg.status.0 
2 /var/backups/group.bak 
2 /var/backups/gshadow.bak 
2 /var/backups/inetd.conf.bak 
2 /var/backups/passwd.bak 
2 /var/backups/shadow.bak 
2 /var/cache/locate/locatedb 
2 /var/cache/locate/locatedb.n 
6 /var/cache/man/\$ 
7 /var/cache/man/X11R6/cat1/ 
7 /var/cache/man/X11R6/cat7/ 
2 /var/cache/man/cat8/apt-cache.8.gz 
6 /var/cache/man/index.db 
4 /var/lib/dpkg/statoverride 
4 /var/lib/dpkg/status 
2 /var/lib/logrotate/status 
2 /var/log/\* 
2 /var/log/ksymoops/\* 
6 /var/run/crond.pid 
2 /var/run/crond.reboot 
4 /var/run/syslogd.pid 
allow_capability SYS_CHMOD
allow_capability SYS_CHOWN
allow_capability SYS_IOCTL
allow_capability SYS_KILL
allow_capability SYS_LINK
allow_capability SYS_NICE
allow_capability SYS_RENAME
allow_capability SYS_UNLINK
allow_signal 1 <kernel> /sbin/syslogd

<kernel> /usr/sbin/cron /bin/bash

1 /bin/run-parts 
6 /dev/tty 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/find 
1 /usr/bin/xargs 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
1 /usr/lib/php4/maxlifetime 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts

1 /etc/cron.daily/bsdmainutils 
1 /etc/cron.daily/exim4-base 
1 /etc/cron.daily/find 
1 /etc/cron.daily/logrotate 
1 /etc/cron.daily/man-db 
1 /etc/cron.daily/modutils 
1 /etc/cron.daily/netkit-inetd 
1 /etc/cron.daily/samba 
1 /etc/cron.daily/standard 
1 /etc/cron.daily/sysklogd 
1 /etc/cron.monthly/standard 
1 /etc/cron.weekly/lpr 
1 /etc/cron.weekly/man-db 
1 /etc/cron.weekly/sysklogd 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/bsdmainutils

6 /dev/tty 
4 /etc/cron.daily/bsdmainutils 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/exim4-base

1 /bin/rm 
2 /dev/null 
6 /dev/tty 
4 /etc/cron.daily/exim4-base 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/find 
1 /usr/bin/xargs 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/exim4-base /bin/rm

allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/exim4-base /usr/bin/find

4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/exim4-base /usr/bin/xargs


<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/find

2 /dev/null 
6 /dev/tty 
4 /etc/cron.daily/find 
4 /etc/updatedb.conf 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/getent 
1 /usr/bin/nice 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/find /usr/bin/getent

4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /usr/lib/gconv/gconv-modules 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/find /usr/bin/nice

1 /usr/bin/updatedb 
allow_capability SYS_NICE

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/find /usr/bin/nice /usr/bin/updatedb

1 /bin/chmod 
1 /bin/mv 
1 /bin/rm 
1 /bin/sed 
1 /bin/su 
6 /dev/tty 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/sort 
4 /usr/bin/updatedb 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
1 /usr/lib/locate/frcode 
2 /var/cache/locate/locatedb.n 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/find /usr/bin/nice /usr/bin/updatedb /bin/chmod

allow_capability SYS_CHMOD

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/find /usr/bin/nice /usr/bin/updatedb /bin/mv

4 /lib/libacl.so.1.1.0 
4 /lib/libattr.so.1.1.0 
2 /var/cache/locate/locatedb 
2 /var/cache/locate/locatedb.n 
allow_capability SYS_IOCTL
allow_capability SYS_RENAME

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/find /usr/bin/nice /usr/bin/updatedb /bin/rm

2 /var/cache/locate/locatedb 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/find /usr/bin/nice /usr/bin/updatedb /bin/sed

4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/find /usr/bin/nice /usr/bin/updatedb /bin/su

1 /bin/bash 
4 /etc/group 
4 /etc/login.defs 
4 /etc/nsswitch.conf 
4 /etc/pam.d/common-account 
4 /etc/pam.d/common-auth 
4 /etc/pam.d/common-password 
4 /etc/pam.d/common-session 
4 /etc/pam.d/other 
4 /etc/pam.d/su 
4 /etc/passwd 
4 /etc/security/limits.conf 
4 /etc/shadow 
4 /lib/libcap.so.1.10 
4 /lib/libpam.so.0.76 
4 /lib/libpam_misc.so.0.76 
4 /lib/security/pam_limits.so 
4 /lib/security/pam_rootok.so 
4 /lib/security/pam_unix.so 
4 /usr/share/zoneinfo/Asia/Tokyo 
allow_capability SYS_IOCTL
allow_capability SYS_NICE

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/find /usr/bin/nice /usr/bin/updatedb /bin/su /bin/bash

6 /dev/tty 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/find 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/find /usr/bin/nice /usr/bin/updatedb /bin/su /bin/bash /usr/bin/find

4 /proc/\$/mounts 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/find /usr/bin/nice /usr/bin/updatedb /usr/bin/sort

4 /proc/\$/mounts 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/find /usr/bin/nice /usr/bin/updatedb /usr/lib/locate/frcode


<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate

6 /dev/tty 
4 /etc/cron.daily/logrotate 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
1 /usr/sbin/logrotate 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate

1 /bin/bash 
1 /bin/gzip 
4 /etc/group 
4 /etc/logrotate.conf 
4 /etc/logrotate.d/apache2 
4 /etc/logrotate.d/aptitude 
4 /etc/logrotate.d/base-config 
4 /etc/logrotate.d/exim4-base 
4 /etc/logrotate.d/ppp 
4 /etc/logrotate.d/samba 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libpopt.so.0.0.0 
6 /tmp/logrotate.\?\?\?\?\?\? 
4 /usr/share/zoneinfo/Asia/Tokyo 
6 /var/lib/logrotate/status 
6 /var/log/\*/\*
6 /var/log/\*
allow_capability SYS_CHMOD
allow_capability SYS_CHOWN
allow_capability SYS_RENAME
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash

1 /bin/cat 
2 /dev/null 
6 /dev/tty 
1 /etc/init.d/apache2 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
4 /tmp/logrotate.\?\?\?\?\?\? 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
1 /usr/sbin/invoke-rc.d 
allow_capability SYS_IOCTL
allow_capability SYS_KILL
allow_signal 1 <kernel> /usr/sbin/nmbd

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /bin/cat

4 /var/run/samba/nmbd.pid 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /etc/init.d/apache2

1 /bin/cat 
1 /bin/grep 
1 /bin/sleep 
2 /dev/null 
6 /dev/tty 
4 /etc/default/apache2 
4 /etc/default/rcS 
4 /etc/init.d/apache2 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/env 
1 /usr/bin/expr 
1 /usr/bin/mawk 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
1 /usr/sbin/apache2 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /etc/init.d/apache2 /bin/cat

4 /var/run/apache2.pid 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /etc/init.d/apache2 /bin/grep

4 /etc/apache2/README 
4 /etc/apache2/apache2.conf 
4 /etc/apache2/conf.d/apache2-doc 
4 /etc/apache2/envvars 
4 /etc/apache2/httpd.conf 
4 /etc/apache2/magic 
4 /etc/apache2/mods-available/actions.load 
4 /etc/apache2/mods-available/asis.load 
4 /etc/apache2/mods-available/auth_anon.load 
4 /etc/apache2/mods-available/auth_dbm.load 
4 /etc/apache2/mods-available/auth_digest.load 
4 /etc/apache2/mods-available/auth_ldap.load 
4 /etc/apache2/mods-available/cache.load 
4 /etc/apache2/mods-available/cern_meta.load 
4 /etc/apache2/mods-available/cgi.load 
4 /etc/apache2/mods-available/cgid.conf 
4 /etc/apache2/mods-available/cgid.load 
4 /etc/apache2/mods-available/dav.load 
4 /etc/apache2/mods-available/dav_fs.conf 
4 /etc/apache2/mods-available/dav_fs.load 
4 /etc/apache2/mods-available/deflate.load 
4 /etc/apache2/mods-available/disk_cache.load 
4 /etc/apache2/mods-available/expires.load 
4 /etc/apache2/mods-available/ext_filter.load 
4 /etc/apache2/mods-available/file_cache.load 
4 /etc/apache2/mods-available/headers.load 
4 /etc/apache2/mods-available/imap.load 
4 /etc/apache2/mods-available/include.load 
4 /etc/apache2/mods-available/info.load 
4 /etc/apache2/mods-available/ldap.load 
4 /etc/apache2/mods-available/mem_cache.load 
4 /etc/apache2/mods-available/mime_magic.conf 
4 /etc/apache2/mods-available/mime_magic.load 
4 /etc/apache2/mods-available/mod_python.load 
4 /etc/apache2/mods-available/perl.conf 
4 /etc/apache2/mods-available/perl.load 
4 /etc/apache2/mods-available/php4.conf 
4 /etc/apache2/mods-available/php4.load 
4 /etc/apache2/mods-available/proxy.conf 
4 /etc/apache2/mods-available/proxy.load 
4 /etc/apache2/mods-available/proxy_connect.load 
4 /etc/apache2/mods-available/proxy_ftp.load 
4 /etc/apache2/mods-available/proxy_http.load 
4 /etc/apache2/mods-available/rewrite.load 
4 /etc/apache2/mods-available/speling.load 
4 /etc/apache2/mods-available/ssl.conf 
4 /etc/apache2/mods-available/ssl.load 
4 /etc/apache2/mods-available/suexec.load 
4 /etc/apache2/mods-available/unique_id.load 
4 /etc/apache2/mods-available/userdir.conf 
4 /etc/apache2/mods-available/userdir.load 
4 /etc/apache2/mods-available/usertrack.load 
4 /etc/apache2/mods-available/vhost_alias.load 
4 /etc/apache2/ports.conf 
4 /etc/apache2/sites-available/default 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /etc/init.d/apache2 /bin/sleep

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /etc/init.d/apache2 /usr/bin/env

1 /usr/sbin/apache2 
1 /usr/sbin/apache2ctl 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /etc/init.d/apache2 /usr/bin/env /usr/sbin/apache2ctl

6 /dev/tty 
4 /etc/apache2/envvars 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/sbin/apache2 
4 /usr/sbin/apache2ctl 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /etc/init.d/apache2 /usr/bin/expr


<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /etc/init.d/apache2 /usr/bin/mawk

allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /usr/sbin/invoke-rc.d

1 /bin/ls 
1 /bin/sed 
2 /dev/null 
6 /dev/tty 
1 /etc/init.d/samba 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/runlevel 
1 /usr/bin/xargs 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
4 /usr/sbin/invoke-rc.d 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /usr/sbin/invoke-rc.d /bin/ls

4 /etc/group 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libacl.so.1.1.0 
4 /lib/libattr.so.1.1.0 
4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
4 /usr/lib/gconv/gconv-modules 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /usr/sbin/invoke-rc.d /bin/sed

4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /usr/sbin/invoke-rc.d /etc/init.d/samba

6 /dev/tty 
4 /etc/default/samba 
4 /etc/init.d/samba 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /usr/sbin/invoke-rc.d /etc/init.d/samba /sbin/start-stop-daemon

4 /var/run/samba/smbd.pid 
allow_capability SYS_KILL
allow_signal 1 <kernel> /usr/sbin/smbd

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /usr/sbin/invoke-rc.d /sbin/runlevel

6 /var/run/utmp 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /usr/sbin/invoke-rc.d /usr/bin/xargs

1 /bin/echo 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/bash /usr/sbin/invoke-rc.d /usr/bin/xargs /bin/echo


<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/logrotate /usr/sbin/logrotate /bin/gzip

allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/man-db

1 /bin/chown 
2 /dev/null 
6 /dev/tty 
4 /etc/cron.daily/man-db 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
1 /usr/sbin/dpkg-statoverride 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/man-db /bin/chown

4 /etc/nsswitch.conf 
4 /etc/passwd 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/man-db /sbin/start-stop-daemon

1 /bin/bash 
4 /dev/null 
4 /etc/group 
4 /etc/nsswitch.conf 
4 /etc/passwd 
1 /usr/lib/man-db/mandb 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/man-db /sbin/start-stop-daemon /bin/bash

6 /dev/tty 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/find 
1 /usr/bin/xargs 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/man-db /sbin/start-stop-daemon /bin/bash /usr/bin/find

4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/man-db /sbin/start-stop-daemon /bin/bash /usr/bin/xargs

1 /bin/rm 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/man-db /sbin/start-stop-daemon /bin/bash /usr/bin/xargs /bin/rm

2 /var/cache/man/cat5/apt.conf.5.gz 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/man-db /sbin/start-stop-daemon /usr/lib/man-db/mandb

4 /etc/manpath.config 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /usr/lib/libgdbm.so.3.0.0 
6 /var/cache/man/\$ 
6 /var/cache/man/\*/\$ 
4 /var/cache/man/X11R6/index.db 
4 /var/cache/man/index.db 
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/man-db /usr/sbin/dpkg-statoverride

4 /dev/urandom 
4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
4 /usr/lib/perl/5.8.4/POSIX.pm 
4 /usr/lib/perl/5.8.4/XSLoader.pm 
4 /usr/lib/perl/5.8.4/auto/POSIX/POSIX.so 
4 /usr/lib/perl/5.8.4/auto/POSIX/autosplit.ix 
4 /usr/lib/perl/5.8.4/auto/POSIX/load_imports.al 
4 /usr/sbin/dpkg-statoverride 
4 /usr/share/perl/5.8.4/AutoLoader.pm 
4 /usr/share/perl/5.8.4/Exporter.pm 
4 /usr/share/perl/5.8.4/Exporter/Heavy.pm 
4 /usr/share/perl/5.8.4/strict.pm 
4 /var/lib/dpkg/statoverride 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/modutils

6 /dev/tty 
4 /etc/cron.daily/modutils 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/insmod_ksymoops_clean 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/modutils /sbin/insmod_ksymoops_clean

1 /bin/cp 
1 /bin/date 
6 /dev/tty 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
4 /sbin/insmod_ksymoops_clean 
1 /usr/bin/find 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/modutils /sbin/insmod_ksymoops_clean /bin/cp

4 /lib/libacl.so.1.1.0 
4 /lib/libattr.so.1.1.0 
4 /proc/ksyms 
4 /proc/modules 
2 /var/log/ksymoops/\* 
allow_capability SYS_CHMOD
allow_capability SYS_CHOWN

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/modutils /sbin/insmod_ksymoops_clean /bin/date

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
4 /usr/lib/gconv/gconv-modules 
4 /usr/share/zoneinfo/Asia/Tokyo 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/modutils /sbin/insmod_ksymoops_clean /usr/bin/find

1 /bin/rm 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/modutils /sbin/insmod_ksymoops_clean /usr/bin/find /bin/rm

2 /var/log/ksymoops/\* 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/netkit-inetd

6 /dev/tty 
4 /etc/cron.daily/netkit-inetd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/cmp 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/netkit-inetd /usr/bin/cmp

4 /etc/inetd.conf 
4 /var/backups/inetd.conf.bak 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/samba

6 /dev/tty 
4 /etc/cron.daily/samba 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/standard

1 /bin/df 
1 /bin/grep 
1 /bin/ls 
1 /bin/sed 
6 /dev/tty 
4 /etc/cron.daily/standard 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/cmp 
1 /usr/bin/mawk 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/standard /bin/df

4 /proc/\$/mounts 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/standard /bin/grep

4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
4 /usr/share/locale/ja/LC_MESSAGES/grep.mo 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/standard /bin/ls

4 /etc/group 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libacl.so.1.1.0 
4 /lib/libattr.so.1.1.0 
4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/standard /bin/sed

4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/standard /usr/bin/cmp

4 /etc/group 
4 /etc/gshadow 
4 /etc/passwd 
4 /etc/shadow 
4 /var/backups/dpkg.status.0 
4 /var/backups/group.bak 
4 /var/backups/gshadow.bak 
4 /var/backups/passwd.bak 
4 /var/backups/shadow.bak 
4 /var/lib/dpkg/status 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/standard /usr/bin/mawk

allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd

1 /bin/chmod 
1 /bin/chown 
2 /dev/null 
6 /dev/tty 
4 /etc/cron.daily/sysklogd 
1 /etc/init.d/sysklogd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/savelog 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
1 /usr/sbin/syslogd-listfiles 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /bin/chmod

allow_capability SYS_CHMOD

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /bin/chown

4 /etc/group 
4 /etc/nsswitch.conf 
4 /etc/passwd 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /etc/init.d/sysklogd

1 /bin/cat 
6 /dev/tty 
4 /etc/init.d/sysklogd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
1 /usr/bin/head 
1 /usr/bin/tr 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /etc/init.d/sysklogd /bin/cat

4 /proc/\$/cmdline 
4 /var/run/syslogd.pid 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /etc/init.d/sysklogd /sbin/start-stop-daemon

4 /var/run/syslogd.pid 
allow_capability SYS_KILL
allow_signal 1 <kernel> /sbin/syslogd

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /etc/init.d/sysklogd /usr/bin/head

4 /usr/lib/gconv/gconv-modules 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /etc/init.d/sysklogd /usr/bin/tr


<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /usr/bin/savelog

1 /bin/chgrp 
1 /bin/chmod 
1 /bin/chown 
1 /bin/date 
1 /bin/gzip 
1 /bin/ln 
1 /bin/mv 
1 /bin/rm 
1 /bin/touch 
6 /dev/tty 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/basename 
1 /usr/bin/dirname 
4 /usr/bin/savelog 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /usr/bin/savelog /bin/chgrp

4 /etc/group 
4 /etc/nsswitch.conf 
allow_capability SYS_CHOWN

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /usr/bin/savelog /bin/chmod

allow_capability SYS_CHMOD

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /usr/bin/savelog /bin/chown

4 /etc/nsswitch.conf 
4 /etc/passwd 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /usr/bin/savelog /bin/date

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
4 /usr/share/zoneinfo/Asia/Tokyo 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /usr/bin/savelog /bin/gzip

6 /var/log/syslog.\* 
allow_capability SYS_CHMOD
allow_capability SYS_CHOWN
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /usr/bin/savelog /bin/ln

2 /var/log/syslog.0 
allow_capability SYS_LINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /usr/bin/savelog /bin/mv

4 /lib/libacl.so.1.1.0 
4 /lib/libattr.so.1.1.0 
2 /var/log/syslog 
2 /var/log/syslog.\*
allow_capability SYS_IOCTL
allow_capability SYS_RENAME

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /usr/bin/savelog /bin/rm

allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /usr/bin/savelog /bin/touch

2 /var/log/syslog.new 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /usr/bin/savelog /usr/bin/basename


<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /usr/bin/savelog /usr/bin/dirname


<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.daily/sysklogd /usr/sbin/syslogd-listfiles

4 /dev/urandom 
4 /etc/syslog.conf 
4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
4 /usr/sbin/syslogd-listfiles 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.monthly/standard

6 /dev/tty 
4 /etc/cron.monthly/standard 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr

2 /dev/null 
6 /dev/tty 
4 /etc/cron.weekly/lpr 
1 /etc/init.d/lpd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
1 /usr/bin/savelog 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /etc/init.d/lpd

1 /bin/sleep 
6 /dev/tty 
4 /etc/default/lpd 
5 /etc/init.d/lpd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /etc/init.d/lpd /bin/sleep

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /etc/init.d/lpd /etc/init.d/lpd

6 /dev/tty 
4 /etc/default/lpd 
4 /etc/init.d/lpd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /etc/init.d/lpd /etc/init.d/lpd /sbin/start-stop-daemon

1 /usr/sbin/lpd 
allow_capability SYS_KILL
allow_signal 15 <kernel> /usr/sbin/lpd

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /sbin/start-stop-daemon


<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /usr/bin/savelog

1 /bin/date 
1 /bin/gzip 
1 /bin/ln 
1 /bin/mv 
1 /bin/rm 
1 /bin/touch 
6 /dev/tty 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/basename 
1 /usr/bin/dirname 
4 /usr/bin/savelog 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /usr/bin/savelog /bin/date

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
4 /usr/share/zoneinfo/Asia/Tokyo 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /usr/bin/savelog /bin/gzip

6 /var/log/lp-acct.\* 
6 /var/log/lp-errs.\* 
allow_capability SYS_CHMOD
allow_capability SYS_CHOWN
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /usr/bin/savelog /bin/ln

2 /var/log/lp-acct.0 
2 /var/log/lp-errs.0 
allow_capability SYS_LINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /usr/bin/savelog /bin/mv

4 /lib/libacl.so.1.1.0 
4 /lib/libattr.so.1.1.0 
2 /var/log/lp-acct 
2 /var/log/lp-acct.\* 
2 /var/log/lp-errs 
2 /var/log/lp-errs.\*
allow_capability SYS_IOCTL
allow_capability SYS_RENAME

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /usr/bin/savelog /bin/rm

allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /usr/bin/savelog /bin/touch

2 /var/log/lp-\* 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /usr/bin/savelog /usr/bin/basename


<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/lpr /usr/bin/savelog /usr/bin/dirname


<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/man-db

6 /dev/tty 
4 /etc/cron.weekly/man-db 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/man-db /sbin/start-stop-daemon

4 /dev/null 
4 /etc/group 
4 /etc/nsswitch.conf 
4 /etc/passwd 
1 /usr/lib/man-db/mandb 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/man-db /sbin/start-stop-daemon /usr/lib/man-db/mandb

4 /etc/manpath.config 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /proc/\$/mounts 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
4 /usr/lib/libgdbm.so.3.0.0 
6 /var/cache/man/#index.db# 
6 /var/cache/man/X11R6/#index.db# 
6 /var/cache/man/X11R6/index.db 
6 /var/cache/man/\$ 
6 /var/cache/man/index.db 
6 /var/cache/man/\*/\$ 
allow_capability SYS_RENAME
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd

2 /dev/null 
6 /dev/tty 
4 /etc/cron.weekly/sysklogd 
1 /etc/init.d/sysklogd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/savelog 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
1 /usr/sbin/syslogd-listfiles 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /etc/init.d/sysklogd

1 /bin/cat 
6 /dev/tty 
4 /etc/init.d/sysklogd 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /sbin/start-stop-daemon 
1 /usr/bin/head 
1 /usr/bin/tr 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /etc/init.d/sysklogd /bin/cat

4 /proc/\$/cmdline 
4 /var/run/syslogd.pid 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /etc/init.d/sysklogd /sbin/start-stop-daemon

4 /var/run/syslogd.pid 
allow_capability SYS_KILL
allow_signal 1 <kernel> /sbin/syslogd

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /etc/init.d/sysklogd /usr/bin/head

4 /usr/lib/gconv/gconv-modules 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /etc/init.d/sysklogd /usr/bin/tr


<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /usr/bin/savelog

1 /bin/chgrp 
1 /bin/chmod 
1 /bin/chown 
1 /bin/date 
1 /bin/gzip 
1 /bin/ln 
1 /bin/mv 
1 /bin/rm 
1 /bin/touch 
6 /dev/tty 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/basename 
1 /usr/bin/dirname 
4 /usr/bin/savelog 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /usr/bin/savelog /bin/chgrp

4 /etc/group 
4 /etc/nsswitch.conf 
allow_capability SYS_CHOWN

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /usr/bin/savelog /bin/chmod

allow_capability SYS_CHMOD

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /usr/bin/savelog /bin/chown

4 /etc/nsswitch.conf 
4 /etc/passwd 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /usr/bin/savelog /bin/date

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
4 /usr/share/zoneinfo/Asia/Tokyo 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /usr/bin/savelog /bin/gzip

6 /var/log/\*
allow_capability SYS_CHMOD
allow_capability SYS_CHOWN
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /usr/bin/savelog /bin/ln

2 /var/log/auth.log.0 
2 /var/log/daemon.log.0 
2 /var/log/debug.0 
2 /var/log/kern.log.0 
2 /var/log/lpr.log.0 
2 /var/log/messages.0 
2 /var/log/user.log.0 
allow_capability SYS_LINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /usr/bin/savelog /bin/mv

4 /lib/libacl.so.1.1.0 
4 /lib/libattr.so.1.1.0 
2 /var/log/\*
allow_capability SYS_IOCTL
allow_capability SYS_RENAME

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /usr/bin/savelog /bin/rm

allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /usr/bin/savelog /bin/touch

2 /var/log/\* 

<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /usr/bin/savelog /usr/bin/basename


<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /usr/bin/savelog /usr/bin/dirname


<kernel> /usr/sbin/cron /bin/bash /bin/run-parts /etc/cron.weekly/sysklogd /usr/sbin/syslogd-listfiles

4 /dev/urandom 
4 /etc/syslog.conf 
4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
4 /usr/sbin/syslogd-listfiles 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /usr/bin/find


<kernel> /usr/sbin/cron /bin/bash /usr/bin/xargs


<kernel> /usr/sbin/cron /bin/bash /usr/lib/php4/maxlifetime

1 /bin/sed 
2 /dev/null 
6 /dev/tty 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
4 /usr/lib/php4/maxlifetime 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/cron /bin/bash /usr/lib/php4/maxlifetime /bin/sed

4 /etc/php4/apache2/php.ini 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 

<kernel> /usr/sbin/exim4

6 /dev/null 
4 /etc/group 
4 /etc/host.conf 
4 /etc/hosts 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /etc/resolv.conf 
4 /etc/services 
4 /lib/libnss_db-2.2.so 
4 /usr/lib/libdb-4.2.so 
4 /usr/lib/libdb3.so.3.0.2 
4 /usr/lib/libgcrypt.so.11.1.1 
4 /usr/lib/libgnutls.so.11.1.16 
4 /usr/lib/libgpg-error.so.0.1.3 
4 /usr/lib/libpcre.so.3.10.0 
4 /usr/lib/libtasn1.so.2.0.10 
4 /usr/lib/libz.so.1.2.2 
1 /usr/sbin/exim4 
4 /usr/share/zoneinfo/Asia/Tokyo 
4 /var/lib/exim4/config.autogenerated 
4 /var/lib/exim4/config.autogenerated.tmp 
2 /var/log/exim4/mainlog 
2 /var/run/exim4/exim.pid 
allow_capability SYS_CHMOD
allow_capability SYS_IOCTL
allow_capability inet_tcp_create
allow_capability inet_tcp_listen
allow_capability use_inet_udp
allow_bind TCP/25
allow_connect UDP/53

<kernel> /usr/sbin/inetd

6 /dev/null 
4 /etc/inetd.conf 
4 /etc/nsswitch.conf 
4 /etc/services 
4 /lib/libnss_db-2.2.so 
4 /usr/lib/libdb3.so.3.0.2 
2 /var/run/inetd.pid 
allow_capability SYS_UNLINK
allow_capability inet_tcp_create
allow_capability inet_tcp_listen
allow_bind TCP/113

<kernel> /usr/sbin/lpd

6 /dev/null 
2 /dev/printer 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /etc/printcap 
4 /etc/services 
4 /lib/libnss_db-2.2.so 
4 /usr/lib/libdb3.so.3.0.2 
4 /usr/share/zoneinfo/Asia/Tokyo 
2 /var/run/lpd.pid 
2 /var/spool/lpd/lpd.lock 
allow_capability SYS_CHMOD
allow_capability SYS_CHOWN
allow_capability SYS_SYMLINK
allow_capability SYS_UNLINK
allow_capability create_unix_socket

<kernel> /usr/sbin/nmbd

6 /dev/null 
4 /etc/samba/smb.conf 
4 /lib/libcom_err.so.2.1 
4 /lib/libpopt.so.0.0.0 
4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
4 /usr/lib/gconv/IBM850.so 
4 /usr/lib/gconv/UTF-16.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/libgcrypt.so.11.1.1 
4 /usr/lib/libgnutls.so.11.1.16 
4 /usr/lib/libgpg-error.so.0.1.3 
4 /usr/lib/libgssapi_krb5.so.2.2 
4 /usr/lib/libk5crypto.so.3.0 
4 /usr/lib/libkrb5.so.3.2 
4 /usr/lib/liblber.so.2.0.130 
4 /usr/lib/libldap_r.so.2.0.130 
4 /usr/lib/libsasl2.so.2.0.19 
4 /usr/lib/libtasn1.so.2.0.10 
4 /usr/lib/libz.so.1.2.2 
4 /usr/share/samba/lowcase.dat 
4 /usr/share/samba/upcase.dat 
4 /usr/share/samba/valid.dat 
4 /usr/share/zoneinfo/Asia/Tokyo 
2 /var/cache/samba/browse.dat 
2 /var/cache/samba/browse.dat. 
2 /var/log/samba/log.nmbd 
6 /var/run/samba/messages.tdb 
2 /var/run/samba/namelist.debug 
2 /var/run/samba/nmbd.pid 
6 /var/run/samba/unexpected.tdb 
allow_capability SYS_CHMOD
allow_capability SYS_IOCTL
allow_capability SYS_RENAME
allow_capability SYS_UNLINK
allow_capability use_inet_udp
allow_bind UDP/137
allow_bind UDP/138
allow_connect UDP/137

<kernel> /usr/sbin/papd

6 /dev/null 
6 /dev/tty 
4 /etc/netatalk/papd.conf 
4 /lib/libpam.so.0.76 
4 /usr/lib/libcups.so.2 
4 /usr/lib/libgcrypt.so.11.1.1 
4 /usr/lib/libgnutls.so.11.1.16 
4 /usr/lib/libgpg-error.so.0.1.3 
4 /usr/lib/libtasn1.so.2.0.10 
4 /usr/lib/libz.so.1.2.2 
4 /usr/share/zoneinfo/Asia/Tokyo 
2 /var/run/papd.pid 
allow_capability SYS_UNLINK

<kernel> /usr/sbin/smbd

6 /dev/null 
4 /dev/urandom 
4 /etc/group 
4 /etc/host.conf 
4 /etc/hosts 
4 /etc/nsswitch.conf 
4 /etc/pam.d/common-account 
4 /etc/pam.d/common-auth 
4 /etc/pam.d/common-password 
4 /etc/pam.d/common-session 
4 /etc/pam.d/other 
4 /etc/pam.d/samba 
4 /etc/passwd 
4 /etc/printcap 
4 /etc/resolv.conf 
4 /etc/samba/smb.conf 
4 /etc/shadow 
4 /lib/libacl.so.1.1.0 
4 /lib/libattr.so.1.1.0 
4 /lib/libcom_err.so.2.1 
4 /lib/libpam.so.0.76 
4 /lib/libpopt.so.0.0.0 
4 /lib/libpthread-0.10.so 
4 /lib/security/pam_unix.so 
4 /proc/sys/kernel/version 
4 /usr/lib/gconv/IBM850.so 
4 /usr/lib/gconv/UTF-16.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/libcups.so.2 
4 /usr/lib/libgcrypt.so.11.1.1 
4 /usr/lib/libgnutls.so.11.1.16 
4 /usr/lib/libgpg-error.so.0.1.3 
4 /usr/lib/libgssapi_krb5.so.2.2 
4 /usr/lib/libk5crypto.so.3.0 
4 /usr/lib/libkrb5.so.3.2 
4 /usr/lib/liblber.so.2.0.130 
4 /usr/lib/libldap_r.so.2.0.130 
4 /usr/lib/libsasl2.so.2.0.19 
4 /usr/lib/libtasn1.so.2.0.10 
4 /usr/lib/libz.so.1.2.2 
4 /usr/share/samba/lowcase.dat 
4 /usr/share/samba/upcase.dat 
4 /usr/share/samba/valid.dat 
4 /usr/share/zoneinfo/Asia/Tokyo 
6 /var/cache/samba/printing/lp.tdb 
6 /var/cache/samba/printing/printers.tdb 
6 /var/lib/samba/account_policy.tdb 
6 /var/lib/samba/group_mapping.tdb 
6 /var/lib/samba/ntdrivers.tdb 
6 /var/lib/samba/ntforms.tdb 
6 /var/lib/samba/ntprinters.tdb 
4 /var/lib/samba/passdb.tdb 
6 /var/lib/samba/registry.tdb 
6 /var/lib/samba/secrets.tdb 
6 /var/lib/samba/share_info.tdb 
2 /var/log/samba/log.\*
6 /var/run/samba/brlock.tdb 
6 /var/run/samba/connections.tdb 
6 /var/run/samba/gencache.tdb 
6 /var/run/samba/locking.tdb 
6 /var/run/samba/messages.tdb 
6 /var/run/samba/sessionid.tdb 
2 /var/run/samba/smbd.pid 
allow_capability SYS_IOCTL
allow_capability SYS_KILL
allow_capability SYS_UNLINK
allow_capability inet_tcp_create
allow_capability inet_tcp_listen
allow_capability use_inet_udp
allow_bind TCP/139
allow_bind TCP/445
allow_bind UDP/0

<kernel> /usr/sbin/sshd

1 /bin/bash 
6 /dev/null 
6 /dev/ptmx 
6 /dev/pts/\$ 
6 /dev/tty 
4 /dev/urandom 
4 /etc/environment 
4 /etc/group 
4 /etc/host.conf 
4 /etc/hosts 
4 /etc/hosts.allow 
4 /etc/hosts.deny 
4 /etc/motd 
4 /etc/nsswitch.conf 
4 /etc/pam.d/common-account 
4 /etc/pam.d/common-auth 
4 /etc/pam.d/common-password 
4 /etc/pam.d/common-session 
4 /etc/pam.d/other 
4 /etc/pam.d/ssh 
4 /etc/passwd 
4 /etc/resolv.conf 
4 /etc/security/limits.conf 
4 /etc/security/pam_env.conf 
4 /etc/shadow 
4 /etc/ssh/ssh_host_dsa_key 
4 /etc/ssh/ssh_host_key 
4 /etc/ssh/ssh_host_rsa_key 
4 /etc/ssh/sshd_config 
4 /lib/libcap.so.1.10 
4 /lib/libpam.so.0.76 
4 /lib/libpthread-0.10.so 
4 /lib/libwrap.so.0.7.6 
4 /lib/security/pam_env.so 
4 /lib/security/pam_limits.so 
4 /lib/security/pam_mail.so 
4 /lib/security/pam_motd.so 
4 /lib/security/pam_nologin.so 
4 /lib/security/pam_unix.so 
4 /proc/sys/kernel/version 
4 /usr/lib/i686/cmov/libcrypto.so.0.9.7 
4 /usr/lib/libz.so.1.2.2 
4 /usr/share/zoneinfo/Asia/Tokyo 
6 /var/log/lastlog 
2 /var/log/wtmp 
2 /var/run/sshd.pid 
6 /var/run/utmp 
allow_capability SYS_CHMOD
allow_capability SYS_CHOWN
allow_capability SYS_CHROOT
allow_capability SYS_IOCTL
allow_capability SYS_NICE
allow_capability SYS_UNLINK
allow_capability SYS_VHANGUP
allow_capability inet_tcp_create
allow_capability inet_tcp_listen
allow_capability use_inet_udp
allow_bind TCP/22
allow_connect UDP/53

<kernel> /usr/sbin/sshd /bin/bash

1 /bin/cat 
1 /bin/date 
1 /bin/dmesg 
1 /bin/ls 
1 /bin/rm 
6 /dev/tty 
4 /etc/inputrc 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /etc/profile 
4 /etc/terminfo/v/vt100 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
2 /proc/ccs/policy/exception_policy 
6 /root/.bash_history 
4 /root/.bashrc 
4 /root/.profile 
1 /root/ccstools/savepolicy 
1 /sbin/halt 
1 /usr/bin/crontab 
1 /usr/bin/emacs21-nox 
1 /usr/bin/id 
1 /usr/bin/less 
1 /usr/bin/mail 
1 /usr/bin/mesg 
1 /usr/bin/pstree 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
1 /usr/lib/man-db/man 
allow_capability SYS_IOCTL
allow_capability SYS_KILL
allow_signal 18 <kernel> /usr/sbin/sshd /bin/bash /usr/bin/emacs21-nox

<kernel> /usr/sbin/sshd /bin/bash /bin/cat

4 /etc/crontab 
4 /proc/ccs/info/meminfo 
4 /proc/ccs/policy/exception_policy 

<kernel> /usr/sbin/sshd /bin/bash /bin/date

4 /lib/libpthread-0.10.so 
4 /proc/sys/kernel/version 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
4 /usr/share/zoneinfo/Asia/Tokyo 
allow_capability SYS_TIME

<kernel> /usr/sbin/sshd /bin/bash /bin/dmesg


<kernel> /usr/sbin/sshd /bin/bash /bin/ls

4 /etc/group 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libacl.so.1.1.0 
4 /lib/libattr.so.1.1.0 
4 /lib/libpthread-0.10.so 
4 /proc/\$/mounts 
4 /proc/sys/kernel/version 
4 /usr/lib/gconv/gconv-modules 
4 /usr/share/zoneinfo/Asia/Tokyo 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/sshd /bin/bash /bin/rm

allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /usr/sbin/sshd /bin/bash /root/ccstools/savepolicy

4 /proc/ccs/policy/domain_policy 
2 /root/security/domain_policy.\* 
4 /usr/share/zoneinfo/Asia/Tokyo 
allow_capability SYS_SYMLINK
allow_capability SYS_UNLINK

<kernel> /usr/sbin/sshd /bin/bash /sbin/halt

1 /sbin/shutdown 
6 /var/run/utmp 

<kernel> /usr/sbin/sshd /bin/bash /sbin/halt /sbin/shutdown

2 /dev/initctl 
2 /dev/pts/\$ 
4 /etc/nsswitch.conf 
4 /etc/passwd 
1 /sbin/init 
4 /usr/share/zoneinfo/Asia/Tokyo 
2 /var/run/shutdown.pid 
6 /var/run/utmp 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /usr/sbin/sshd /bin/bash /sbin/halt /sbin/shutdown /sbin/init

2 /dev/initctl 

<kernel> /usr/sbin/sshd /bin/bash /usr/bin/crontab

4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /lib/libpam.so.0.76 
4 /usr/share/zoneinfo/Asia/Tokyo 

<kernel> /usr/sbin/sshd /bin/bash /usr/bin/emacs21-nox

4 /etc/emacs/site-start.d/50dictionaries-common.el 
4 /etc/emacs/site-start.el 
4 /etc/emacs21/site-start.d/00debian-vars.elc 
4 /etc/emacs21/site-start.d/50egg-init.el 
4 /etc/host.conf 
4 /etc/hosts 
4 /etc/mailname 
4 /etc/nsswitch.conf 
4 /etc/passwd 
4 /etc/resolv.conf 
4 /etc/terminfo/v/vt100 
4 /lib/libncurses.so.5.4 
2 /root/.emacs.d/auto-save-list/.saves-\$-\* 
2 /root/security/#exception_policy.txt# 
2 /root/security/.#exception_policy.txt 
2 /root/security/.#system_policy.txt 
6 /root/security/exception_policy.txt 
2 /root/security/exception_policy.txt~ 
6 /root/security/system_policy.txt 
2 /root/security/system_policy.txt~ 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
4 /usr/share/emacs/21.4/leim/leim-list.el 
4 /usr/share/emacs/21.4/lisp/disp-table.elc 
4 /usr/share/emacs/21.4/lisp/language/japan-util.elc 
4 /usr/share/emacs/21.4/lisp/mail/mh-e.elc 
4 /usr/share/emacs/21.4/lisp/mail/mh-utils.elc 
4 /usr/share/emacs/21.4/lisp/subdirs.el 
4 /usr/share/emacs/21.4/lisp/term/lk201.el 
4 /usr/share/emacs/21.4/lisp/term/vt100.elc 
4 /usr/share/emacs21/site-lisp/debian-startup.elc 
4 /usr/share/emacs21/site-lisp/dictionaries-common/debian-ispell.elc 
4 /usr/share/emacs21/site-lisp/egg/leim-list.el 
4 /usr/share/emacs21/site-lisp/subdirs.el 
4 /usr/share/zoneinfo/Asia/Tokyo 
4 /var/cache/dictionaries-common/emacsen-ispell-default.el 
4 /var/cache/dictionaries-common/emacsen-ispell-dicts.el 
6 /var/run/utmp 
allow_capability SYS_CHMOD
allow_capability SYS_IOCTL
allow_capability SYS_KILL
allow_capability SYS_RENAME
allow_capability SYS_SYMLINK
allow_capability SYS_UNLINK

<kernel> /usr/sbin/sshd /bin/bash /usr/bin/id


<kernel> /usr/sbin/sshd /bin/bash /usr/bin/less

4 /dev/tty 
4 /etc/terminfo/v/vt100 
4 /lib/libncurses.so.5.4 
4 /root/ccs-patch-2.4.32.txt 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/sshd /bin/bash /usr/bin/mail

4 /etc/mail.rc 
4 /usr/lib/liblockfile.so.1.0 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/sshd /bin/bash /usr/bin/mesg

4 /etc/group 
4 /etc/nsswitch.conf 
allow_capability SYS_CHMOD
allow_capability SYS_IOCTL

<kernel> /usr/sbin/sshd /bin/bash /usr/bin/pstree

4 /etc/terminfo/v/vt100 
4 /lib/libncurses.so.5.4 
4 /proc/\$/stat 
4 /usr/lib/gconv/EUC-JP.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/gconv/libJIS.so 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/sshd /bin/bash /usr/lib/man-db/man

1 /bin/bash 
4 /etc/manpath.config 
4 /proc/\$/mounts 
6 /tmp/zman\?\?\?\?\?\? 
4 /usr/lib/libgdbm.so.3.0.0 
4 /var/cache/man/X11R6/index.db 
4 /var/cache/man/index.db 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /usr/sbin/sshd /bin/bash /usr/lib/man-db/man /bin/bash

1 /bin/gzip 
6 /dev/tty 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
2 /tmp/zman\?\?\?\?\?\? 
1 /usr/bin/lv 
1 /usr/bin/nroff 
1 /usr/bin/tbl 
1 /usr/bin/zsoelim 

<kernel> /usr/sbin/sshd /bin/bash /usr/lib/man-db/man /bin/bash /bin/gzip

4 /usr/share/man/\*/\* 

<kernel> /usr/sbin/sshd /bin/bash /usr/lib/man-db/man /bin/bash /usr/bin/lv

4 /dev/tty 
4 /etc/terminfo/v/vt100 
4 /lib/libncurses.so.5.4 
6 /tmp/tmpf\?\?\?\?\?\? 
allow_capability SYS_IOCTL
allow_capability SYS_UNLINK

<kernel> /usr/sbin/sshd /bin/bash /usr/lib/man-db/man /bin/bash /usr/bin/nroff

2 /dev/null 
6 /dev/tty 
4 /lib/libncurses.so.5.4 
4 /proc/\$/mounts 
1 /usr/bin/groff 
1 /usr/bin/locale 
4 /usr/bin/nroff 
allow_capability SYS_IOCTL

<kernel> /usr/sbin/sshd /bin/bash /usr/lib/man-db/man /bin/bash /usr/bin/nroff /usr/bin/groff

4 /lib/libgcc_s.so.1 
1 /usr/bin/grotty 
1 /usr/bin/troff 
4 /usr/lib/gconv/ISO8859-1.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/libstdc++.so.5.0.7 
4 /usr/share/groff/1.18.1/font/devascii/DESC 
allow_capability SYS_KILL
allow_signal 13 <kernel> /usr/sbin/sshd /bin/bash /usr/lib/man-db/man /bin/bash /usr/bin/nroff /usr/bin/groff /usr/bin/troff

<kernel> /usr/sbin/sshd /bin/bash /usr/lib/man-db/man /bin/bash /usr/bin/nroff /usr/bin/groff /usr/bin/grotty

4 /lib/libgcc_s.so.1 
4 /usr/lib/gconv/ISO8859-1.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/libstdc++.so.5.0.7 
4 /usr/share/groff/1.18.1/font/devascii/B 
4 /usr/share/groff/1.18.1/font/devascii/DESC 
4 /usr/share/groff/1.18.1/font/devascii/I 
4 /usr/share/groff/1.18.1/font/devascii/R 

<kernel> /usr/sbin/sshd /bin/bash /usr/lib/man-db/man /bin/bash /usr/bin/nroff /usr/bin/groff /usr/bin/troff

4 /etc/groff/man.local 
4 /lib/libgcc_s.so.1 
4 /usr/lib/gconv/ISO8859-1.so 
4 /usr/lib/gconv/gconv-modules 
4 /usr/lib/libstdc++.so.5.0.7 
4 /usr/share/groff/1.18.1/font/devascii/B 
4 /usr/share/groff/1.18.1/font/devascii/BI 
4 /usr/share/groff/1.18.1/font/devascii/DESC 
4 /usr/share/groff/1.18.1/font/devascii/I 
4 /usr/share/groff/1.18.1/font/devascii/R 
4 /usr/share/groff/1.18.1/tmac/an-old.tmac 
4 /usr/share/groff/1.18.1/tmac/andoc.tmac 
4 /usr/share/groff/1.18.1/tmac/hyphen.us 
4 /usr/share/groff/1.18.1/tmac/latin1.tmac 
4 /usr/share/groff/1.18.1/tmac/troffrc 
4 /usr/share/groff/1.18.1/tmac/troffrc-end 
4 /usr/share/groff/1.18.1/tmac/tty-char.tmac 
4 /usr/share/groff/1.18.1/tmac/tty.tmac 
4 /usr/share/zoneinfo/Asia/Tokyo 

<kernel> /usr/sbin/sshd /bin/bash /usr/lib/man-db/man /bin/bash /usr/bin/nroff /usr/bin/locale


<kernel> /usr/sbin/sshd /bin/bash /usr/lib/man-db/man /bin/bash /usr/bin/tbl

4 /lib/libgcc_s.so.1 
4 /usr/lib/libstdc++.so.5.0.7 

<kernel> /usr/sbin/sshd /bin/bash /usr/lib/man-db/man /bin/bash /usr/bin/zsoelim

4 /tmp/zman\?\?\?\?\?\? 
allow_capability SYS_IOCTL

'c or linux' 카테고리의 다른 글

__init, __exit 의미  (0) 2006.02.14
extern으로 불러온 변수의 sizeof 호출하기  (0) 2006.02.14
[본문 스크랩] Kernel File List  (0) 2006.02.14
The Linux Kernel API  (0) 2006.02.14
리눅스 I/O 포트 프로그래밍 미니 하우투  (0) 2006.02.13
전처리기 ##, #  (0) 2006.02.08
Posted by 김용환 '김용환'

The Linux Kernel API

c or linux 2006.02.14 04:14
The Linux Kernel API

 

http://kernelnewbies.org/documents/kdoc/kernel-api/linuxkernelapi.html

 

Table of Contents
1. Driver Basics
Driver Entry and Exit points
module_init — driver initialization entry point
module_exit — driver exit entry point
Atomic and pointer manipulation
atomic_read — read atomic variable
atomic_set — set atomic variable
atomic_add — add integer to atomic variable
atomic_sub — subtract the atomic variable
atomic_sub_and_test — subtract value from variable and test result
atomic_inc — increment atomic variable
atomic_dec — decrement atomic variable
atomic_dec_and_test — decrement and test
atomic_inc_and_test — increment and test
atomic_add_negative — add and test if negative
get_unaligned — get value from possibly mis-aligned location
put_unaligned — put value to a possibly mis-aligned location
Delaying, scheduling, and timer routines
schedule_timeout — sleep until timeout
2. Data Types
Doubly Linked Lists
list_add — add a new entry
list_add_tail — add a new entry
list_del — deletes entry from list.
list_del_init — deletes entry from list and reinitialize it.
list_empty — tests whether a list is empty
list_splice — join two lists
list_entry — get the struct for this entry
list_for_each — iterate over a list
list_for_each_safe — iterate over a list safe against removal of list entry
3. Basic C Library Functions
String Conversions
simple_strtol — convert a string to a signed long
simple_strtoll — convert a string to a signed long long
simple_strtoul — convert a string to an unsigned long
simple_strtoull — convert a string to an unsigned long long
vsnprintf — Format a string and place it in a buffer
snprintf — Format a string and place it in a buffer
vsprintf — Format a string and place it in a buffer
sprintf — Format a string and place it in a buffer
String Manipulation
strcpy — Copy a NUL terminated string
strncpy — Copy a length-limited, NUL-terminated string
strcat — Append one NUL-terminated string to another
strncat — Append a length-limited, NUL-terminated string to another
strcmp — Compare two strings
strncmp — Compare two length-limited strings
strchr — Find the first occurrence of a character in a string
strrchr — Find the last occurrence of a character in a string
strlen — Find the length of a string
strnlen — Find the length of a length-limited string
strpbrk — Find the first occurrence of a set of characters
strtok — Split a string into tokens
memset — Fill a region of memory with the given value
bcopy — Copy one area of memory to another
memcpy — Copy one area of memory to another
memmove — Copy one area of memory to another
memcmp — Compare two areas of memory
memscan — Find a character in an area of memory.
strstr — Find the first substring in a NUL terminated string
memchr — Find a character in an area of memory.
Bit Operations
set_bit — Atomically set a bit in memory
__set_bit — Set a bit in memory
clear_bit — Clears a bit in memory
__change_bit — Toggle a bit in memory
change_bit — Toggle a bit in memory
test_and_set_bit — Set a bit and return its old value
__test_and_set_bit — Set a bit and return its old value
test_and_clear_bit — Clear a bit and return its old value
__test_and_clear_bit — Clear a bit and return its old value
test_and_change_bit — Change a bit and return its new value
test_bit — Determine whether a bit is set
find_first_zero_bit — find the first zero bit in a memory region
find_next_zero_bit — find the first zero bit in a memory region
ffz — find first zero in word.
ffs — find first bit set
hweight32 — returns the hamming weight of a N-bit word
4. Memory Management in Linux
The Slab Cache
kmem_cache_create — Create a cache.
kmem_cache_shrink — Shrink a cache.
kmem_cache_destroy — delete a cache
kmem_cache_alloc — Allocate an object
kmalloc — allocate memory
kmem_cache_free — Deallocate an object
kfree — free previously allocated memory
5. The proc filesystem
sysctl interface
register_sysctl_table — register a sysctl heirarchy
unregister_sysctl_table — unregister a sysctl table heirarchy
proc_dostring — read a string sysctl
proc_dointvec — read a vector of integers
proc_dointvec_minmax — read a vector of integers with min/max values
proc_doulongvec_minmax — read a vector of long integers with min/max values
proc_doulongvec_ms_jiffies_minmax — read a vector of millisecond values with min/max values
proc_dointvec_jiffies — read a vector of integers as seconds
6. The Linux VFS
The Directory Cache
d_invalidate — invalidate a dentry
d_find_alias — grab a hashed alias of inode
prune_dcache — shrink the dcache
shrink_dcache_sb — shrink dcache for a superblock
have_submounts — check for mounts over a dentry
shrink_dcache_parent — prune dcache
d_alloc — allocate a dcache entry
d_instantiate — fill in inode information for a dentry
d_alloc_root — allocate root dentry
d_lookup — search for a dentry
d_validate — verify dentry provided from insecure source
d_delete — delete a dentry
d_rehash — add an entry back to the hash
d_move — move a dentry
__d_path — return the path of a dentry
is_subdir — is new dentry a subdirectory of old_dentry
find_inode_number — check for dentry with name
d_drop — drop a dentry
d_add — add dentry to hash queues
dget — get a reference to a dentry
d_unhashed — is dentry hashed
Inode Handling
__mark_inode_dirty — internal function
write_inode_now — write an inode to disk
clear_inode — clear an inode
invalidate_inodes — discard the inodes on a device
get_empty_inode — obtain an inode
iunique — get a unique inode number
insert_inode_hash — hash an inode
remove_inode_hash — remove an inode from the hash
iput — put an inode
bmap — find a block number in a file
update_atime — update the access time
make_bad_inode — mark an inode bad due to an I/O error
is_bad_inode — is an inode errored
Registration and Superblocks
register_filesystem — register a new filesystem
unregister_filesystem — unregister a file system
get_super — get the superblock of a device
File Locks
posix_lock_file
__get_lease — revoke all outstanding leases on file
lease_get_mtime
posix_block_lock — blocks waiting for a file lock
posix_unblock_lock — stop waiting for a file lock
lock_may_read — checks that the region is free of locks
lock_may_write — checks that the region is free of locks
fcntl_getlease — Enquire what lease is currently active
fcntl_setlease — sets a lease on an open file
sys_flockflock system call.
get_locks_status — reports lock usage in /proc/locks
7. Linux Networking
Socket Buffer Functions
skb_queue_empty — check if a queue is empty
skb_get — reference buffer
kfree_skb — free an sk_buff
skb_cloned — is the buffer a clone
skb_shared — is the buffer shared
skb_share_check — check if buffer is shared and if so clone it
skb_unshare — make a copy of a shared buffer
skb_peek
skb_peek_tail
skb_queue_len — get queue length
__skb_queue_head — queue a buffer at the list head
skb_queue_head — queue a buffer at the list head
__skb_queue_tail — queue a buffer at the list tail
skb_queue_tail — queue a buffer at the list tail
__skb_dequeue — remove from the head of the queue
skb_dequeue — remove from the head of the queue
skb_insert — insert a buffer
skb_append — append a buffer
skb_unlink — remove a buffer from a list
__skb_dequeue_tail — remove from the tail of the queue
skb_dequeue_tail — remove from the head of the queue
skb_put — add data to a buffer
skb_push — add data to the start of a buffer
skb_pull — remove data from the start of a buffer
skb_headroom — bytes at buffer head
skb_tailroom — bytes at buffer end
skb_reserve — adjust headroom
skb_trim — remove end from a buffer
skb_orphan — orphan a buffer
skb_queue_purge — empty a list
__skb_queue_purge — empty a list
__dev_alloc_skb — allocate an skbuff for sending
dev_alloc_skb — allocate an skbuff for sending
skb_cow — copy header of skb when it is required
skb_over_panic — private function
skb_under_panic — private function
alloc_skb — allocate a network buffer
__kfree_skb — private function
skb_clone — duplicate an sk_buff
skb_copy — create private copy of an sk_buff
pskb_copy — create copy of an sk_buff with private head.
pskb_expand_head — reallocate header of sk_buff
skb_copy_expand — copy and expand sk_buff
__pskb_pull_tail — advance tail of skb header
Socket Filter
sk_run_filter — run a filter on a socket
sk_chk_filter — verify socket filter code
8. Network device support
Driver Support
init_etherdev — Register ethernet device
alloc_etherdev — Allocates and sets up an ethernet device
init_fddidev — Register FDDI device
alloc_fddidev — Register FDDI device
init_hippi_dev — Register HIPPI device
alloc_hippi_dev — Register HIPPI device
init_trdev — Register token ring device
alloc_trdev — Register token ring device
init_fcdev — Register fibre channel device
alloc_fcdev — Register fibre channel device
dev_add_pack — add packet handler
dev_remove_pack — remove packet handler
__dev_get_by_name — find a device by its name
dev_get_by_name — find a device by its name
dev_get — test if a device exists
__dev_get_by_index — find a device by its ifindex
dev_get_by_index — find a device by its ifindex
dev_alloc_name — allocate a name for a device
dev_alloc — allocate a network device and name
netdev_state_change — device changes state
dev_load — load a network module
dev_open — prepare an interface for use.
dev_close — shutdown an interface.
register_netdevice_notifier — register a network notifier block
unregister_netdevice_notifier — unregister a network notifier block
dev_queue_xmit — transmit a buffer
netif_rx — post buffer to the network code
net_call_rx_atomic
register_gifconf — register a SIOCGIF handler
netdev_set_master — set up master/slave pair
dev_set_promiscuity — update promiscuity count on a device
dev_set_allmulti — update allmulti count on a device
dev_ioctl — network device ioctl
dev_new_index — allocate an ifindex
netdev_finish_unregister — complete unregistration
unregister_netdevice — remove device from the kernel
8390 Based Network Cards
ei_open — Open/initialize the board.
ei_close — shut down network device
ei_tx_timeout — handle transmit time out condition
ei_interrupt — handle the interrupts from an 8390
ethdev_init — init rest of 8390 device struct
NS8390_init — initialize 8390 hardware
Synchronous PPP
sppp_input — receive and process a WAN PPP frame
sppp_close — close down a synchronous PPP or Cisco HDLC link
sppp_open — open a synchronous PPP or Cisco HDLC link
sppp_reopen — notify of physical link loss
sppp_change_mtu — Change the link MTU
sppp_do_ioctl — Ioctl handler for ppp/hdlc
sppp_attach — attach synchronous PPP/HDLC to a device
sppp_detach — release PPP resources from a device
9. Module Support
Module Loading
request_module — try to load a kernel module
call_usermodehelper — start a usermode application
Inter Module support
inter_module_register — register a new set of inter module data.
inter_module_unregister — unregister a set of inter module data.
inter_module_get — return arbitrary userdata from another module.
inter_module_get_request — im get with automatic request_module.
inter_module_put — release use of data from another module.
10. Hardware Interfaces
Interrupt Handling
disable_irq_nosync — disable an irq without waiting
disable_irq — disable an irq and wait for completion
enable_irq — enable handling of an irq
probe_irq_mask — scan a bitmap of interrupt lines
MTRR Handling
mtrr_add — Add a memory type region
mtrr_del — delete a memory type region
PCI Support Library
pci_find_slot — locate PCI device from a given PCI slot
pci_find_subsys — begin or continue searching for a PCI device by vendor/subvendor/device/subdevice id
pci_find_device — begin or continue searching for a PCI device by vendor/device id
pci_find_class — begin or continue searching for a PCI device by class
pci_find_capability — query for devices' capabilities
pci_find_parent_resource — return resource region of parent bus of given region
pci_set_power_state — Set the power state of a PCI device
pci_save_state — save the PCI configuration space of a device before suspending
pci_restore_state — Restore the saved state of a PCI device
pci_enable_device — Initialize device before it's used by a driver.
pci_disable_device — Disable PCI device after use
pci_enable_wake — enable device to generate PME# when suspended
pci_release_regions — Release reserved PCI I/O and memory resources
pci_request_regions — Reserved PCI I/O and memory resources
pci_match_device — Tell if a PCI device structure has a matching PCI device id structure
pci_register_driver — register a new pci driver
pci_unregister_driver — unregister a pci driver
pci_insert_device — insert a hotplug device
pci_remove_device — remove a hotplug device
pci_dev_driver — get the pci_driver of a device
pci_set_master — enables bus-mastering for device dev
pci_setup_device — fill in class and map information of a device
pci_pool_create — Creates a pool of pci consistent memory blocks, for dma.
pci_pool_destroy — destroys a pool of pci memory blocks.
pci_pool_alloc — get a block of consistent memory
pci_pool_free — put block back into pci pool
MCA Architecture
MCA Device Functions
MCA Bus DMA
11. The Device File System
devfs_register — Register a device entry.
devfs_unregister — Unregister a device entry.
devfs_mk_symlink
devfs_mk_dir — Create a directory in the devfs namespace.
devfs_find_handle — Find the handle of a devfs entry.
devfs_get_flags — Get the flags for a devfs entry.
devfs_get_maj_min — Get the major and minor numbers for a devfs entry.
devfs_get_handle_from_inode — Get the devfs handle for a VFS inode.
devfs_generate_path — Generate a pathname for an entry, relative to the devfs root.
devfs_get_ops — Get the device operations for a devfs entry.
devfs_set_file_size — Set the file size for a devfs regular file.
devfs_get_info — Get the info pointer written to private_data of de upon open.
devfs_set_info — Set the info pointer written to private_data upon open.
devfs_get_parent — Get the parent device entry.
devfs_get_first_child — Get the first leaf node in a directory.
devfs_get_next_sibling — Get the next sibling leaf node. for a device entry.
devfs_auto_unregister — Configure a devfs entry to be automatically unregistered.
devfs_get_unregister_slave — Get the slave entry which will be automatically unregistered.
devfs_get_name — Get the name for a device entry in its parent directory.
devfs_register_chrdev — Optionally register a conventional character driver.
devfs_register_blkdev — Optionally register a conventional block driver.
devfs_unregister_chrdev — Optionally unregister a conventional character driver.
devfs_unregister_blkdev — Optionally unregister a conventional block driver.
12. Power Management
pm_register — register a device with power management
pm_unregister — unregister a device with power management
pm_unregister_all — unregister all devices with matching callback
pm_send — send request to a single device
pm_send_all — send request to all managed devices
pm_find — find a device
13. Block Devices
blk_cleanup_queue — release a request_queue_t when it is no longer needed
blk_queue_headactive — indicate whether head of request queue may be active
blk_queue_make_request — define an alternate make_request function for a device
blk_init_queue — prepare a request queue for use with a block device
generic_make_request
submit_bh
ll_rw_block — level access to block devices
end_that_request_first — end I/O on one buffer.
14. Miscellaneous Devices
misc_register — register a miscellaneous device
misc_deregister — unregister a miscellaneous device
15. Video4Linux
video_unregister_device — unregister a video4linux device
16. Sound Devices
register_sound_special — register a special sound node
register_sound_mixer — register a mixer device
register_sound_midi — register a midi device
register_sound_dsp — register a DSP device
register_sound_synth — register a synth device
unregister_sound_special — unregister a special sound device
unregister_sound_mixer — unregister a mixer
unregister_sound_midi — unregister a midi device
unregister_sound_dsp — unregister a DSP device
unregister_sound_synth — unregister a synth device
17. USB Devices
usb_register — register a USB driver
usb_scan_devices — scans all unclaimed USB interfaces
usb_deregister — unregister a USB driver
usb_alloc_bus — creates a new USB host controller structure
usb_free_bus — frees the memory used by a bus structure
usb_register_bus — registers the USB host controller with the usb core
usb_deregister_bus — deregisters the USB host controller
usb_match_id — find first usb_device_id matching device or interface
usb_alloc_urb — creates a new urb for a USB driver to use
usb_free_urb — frees the memory used by a urb
usb_control_msg — Builds a control urb, sends it off and waits for completion
usb_bulk_msg — Builds a bulk urb, sends it off and waits for completion
18. 16x50 UART Driver
register_serial — configure a 16x50 serial port at runtime
unregister_serial — deconfigure a 16x50 serial port
19. Z85230 Support Library
z8530_interrupt — Handle an interrupt from a Z8530
z8530_sync_open — Open a Z8530 channel for PIO
z8530_sync_close — Close a PIO Z8530 channel
z8530_sync_dma_open — Open a Z8530 for DMA I/O
z8530_sync_dma_close — Close down DMA I/O
z8530_sync_txdma_open — Open a Z8530 for TX driven DMA
z8530_sync_txdma_close — Close down a TX driven DMA channel
z8530_describe — Uniformly describe a Z8530 port
z8530_init — Initialise a Z8530 device
z8530_shutdown — Shutdown a Z8530 device
z8530_channel_load — Load channel data
z8530_null_rx — Discard a packet
z8530_queue_xmit — Queue a packet
z8530_get_stats — Get network statistics
20. Frame Buffer Library
Frame Buffer Memory
register_framebuffer — registers a frame buffer device
unregister_framebuffer — releases a frame buffer device
Frame Buffer Console
fbcon_redraw_clear — clear area of the screen
fbcon_redraw_bmove — copy area of screen to another area
Frame Buffer Colormap
fb_alloc_cmap — allocate a colormap
fb_copy_cmap — copy a colormap
fb_get_cmap — get a colormap
fb_set_cmap — set the colormap
fb_default_cmap — get default colormap
fb_invert_cmaps — invert all defaults colormaps
Frame Buffer Generic Functions
fbgen_get_fix — get fixed part of display
fbgen_get_var — get user defined part of display
fbgen_set_var — set the user defined part of display
fbgen_get_cmap — get the colormap
fbgen_set_cmap — set the colormap
fbgen_pan_display — pan or wrap the display
fbgen_do_set_var — change the video mode
fbgen_set_disp — set generic display
fbgen_install_cmap — install the current colormap
fbgen_update_var — update user defined part of display
fbgen_switch — switch to a different virtual console.
fbgen_blank — blank the screen
Frame Buffer Video Mode Database
fb_find_mode — finds a valid video mode
__fb_try_mode — test a video mode
Frame Buffer Macintosh Video Mode Database
console_getmode — get current mode
console_setmode — sets current console mode
console_setcmap — sets palette color map for console
console_powermode — sets monitor power mode
mac_vmode_to_var — converts vmode/cmode pair to var structure
mac_var_to_vmode — convert var structure to MacOS vmode/cmode pair
mac_map_monitor_sense — Convert monitor sense to vmode
mac_find_mode — find a video mode
Frame Buffer Fonts
fbcon_find_font — find a font
fbcon_get_default_font — get default font
Posted by 김용환 '김용환'

리눅스 I/O 포트 프로그래밍 미니 하우투

http://wiki.kldp.org/wiki.php/LinuxdocSgml/IO-Port-Programming

Posted by 김용환 '김용환'

DOCSIS 1.0 1.1 2.0

Digital TV 2006.02.11 01:26
이의제기 | 신고-->

 

DOCSIS 1.0

DOCSIS 1.1

DOCSIS 2.0

DOCSIS 제정

1997

1999

2001

ITU Spec.

ITU J.112

ITU J.112

ITU J.122(권고안)

인증 시작

1999

2001

진행중

인증 Cable Modem

216

33

진행중(현재 5)

인증 CMTS

28

16

진행중(현재 1)

상향 주파수 범위

미국,한국 NTSC 방식 : 5 42 MHz (200KHz, 400KHz, 800KHz, 1.6MHz, 3.2MHz step)

하향 주파수 범위

미국,한국 NTSC 방식 : 88 860 MHz (62.5KHz step)

변조

방식

하향

64QAM / 256QAM

상향

QPSK(1.6MHz) / 16QAM(3.2MHz)

QPSK / 16QAM(3.2MHz)

QPSK / 16QAM / 64QAM(6.4MHz)

전송

속도

하향

30.34Mbps(64QAM) / 42.88Mbps(256QAM)

상향

5.12Mbps(QPSK) / 10.24Mbps(16QAM)

5.12Mbps(QPSK) / 10.24Mbps(16QAM)

5.12Mbps(QPSK) / 30.72Mbps(16QAM)

특징

기본 기능 특징

. CMTS(Cable Modem Termination System) 의해서 조절되는 대역폭 할당

. Class of Service ? Single SID(14bit)

. Base line privacy ? 56Bit DES

. SNMPv2

 

 

 

 

 

추가 기능 특징

. DOCSIS 1.0 호환

. Class of service - 다중 SID 지원

. QoS(DOCSIS 1.1에서의 가장 특징)

-효과적인 대역폭 할당

-Dynamic Service flow

. Base line privacy pulse

-DOCSIS 1.0 보다 강화된 암호화 기능

. SNMPv3

. CMTS에서 제어 되는 상향 fragmentation

. IP multicast 지원

추가 기능 특징

. DOCSIS 1.1 호환

. A-TDMA / S-CDMA 방식 적용

. 상향 기능 향상

. QoS 지원

. FEC 강화로 Error 개선

. throughput 성능 50% 향상(SNR 6dB약화)

(64QAM 사용시 6.4MHz 1Ch 최대 30Mbps 수용)

 

 

'Digital TV' 카테고리의 다른 글

IPTV의 큰 난관  (0) 2007.10.03
LAN 관련 Spec  (0) 2006.04.10
Comparison of the DAB, DMB & DVB-H Systems  (0) 2006.04.01
DOCSIS 1.0 1.1 2.0  (0) 2006.02.11
MPEG4 AAC AVC 비교  (0) 2006.02.11
[펌] MPEG2 시스템(Transport Stream)  (0) 2006.02.11
Posted by 김용환 '김용환'

MPEG4 AAC AVC 비교

Digital TV 2006.02.11 01:02
1.H.264 (MPEG-4 Part 10 AVC)

디지털 신호처리·저장매체·전송방식의 발전은 음성 정보에 국한된 서비스를 멀티미디어 서비스로 진화시켰다. 그동안 방대한 데이터를 저장·전송하기 위한 여러가지 압축기술이 연구돼 왔으며, 특히 1980년대 후반 디지털 동영상 정보의 부호화 및 저장기술 표준규격을 제정해야 한다는 요구가 제기되면서 기술발전이 가속화하기 시작했다.

이에 따라 국제전기통신연합(ITU)은 유무선 통신망 환경에서 동영상 서비스를 위한 표준 규격인 H.261과 H.263을 제정했고, 세계표준화기구(ISO)도 동영상 표준 규격인 MPEG-1, MPEG-2, MPEG-4를 마련하는 등 세계적인 표준화 논의가 활발했다. H.263+와 MPEG-4 표준이 개발된 뒤 무선통신이 급격히 확산되면서 종전 압축방법에 비해 더욱 향상된 압축효율을 제공하고, 다양한 통신환경을 수용할 수 있는 동영상 압축기술 규격의 필요성이 대두했다. 이에 ITU는 H.26L로 명명한 차세대 부호화 방식의 ‘기술제안요청서’를 발표했으며, 각급 기업체·연구소·학계의 활발한 연구가 진행됐다. 이후 2001년 ISO/IEC의 MPEG 그룹이 H.26L 프로젝트에 참가함으로써, 지난해 5월 마침내 ITU-T는 H.264라는 표준을 승인했고 이어 8월 ISO/IEC에서 MPEG-4 Part 10으로 최종 승인했다. (본 글에서는 H.264로 명명한다)

ITU-T와 ISO가 공동 제정한 차세대 동영상 압축 표준 H.264는 다양한 네트워크 환경에 쉽게 부응할 수 있는 유연성과 동영상의 부호화 효율성 측면에서 MPEG-2, MPEG-4(Part 2) 등 기존 기술표준들에 비해 많은 진보가 있었다. 비록 H.264가 기존의 표준들과 하이브리드 비디오 부호화라는 유사한 방식을 이용하고 있으나 다음과 같은 기술적 우위를 지니고 있다.

• 향상된 움직임 예측 및 보상
• 부정합(Mismatch)이 없는 작은 블록크기의 블록 변환
• 인루프디블로킹필터(In-Loop Deblocking Filter)
• 향상된 엔트로피 부호화
• 다양한 네트워크에 적응하기 위한 NAL

H.264가 MPEG-2, MPEG-4(Part 2) 등 기존 동영상 압축 표준에 비해 높은 압축성능과 유연성의 장점을 가진 반면, 부호기 및 복호기의 복잡도 역시 훨씬 증가한다는 단점이 있다. 부호기 측면에서는 기존 표준보다 더욱 많아진 파라미터 및 부호화 모드를 결정해야 하며, 복호기도 디블로킹필터나 1/4화소 단위의 움직임 보상 등으로 인해 계산량이 매우 증가했다. 따라서 H.264가 상용화하기 위해서는 기술원리를 정확히 이해하고, 효율적으로 부호기·복호기를 구현하는 적용기술이 매우 중요하다.






2.MPEG-4 HE(High-Efficiency) AAC

MPEG-4 HE AAC는 채널당 24kbps의 낮은 전송률에서도 CD 수준의 높은 음질을 제공하는 저전송률 오디오 부호기다. 기존 지각적 오디오 부호기의 한계를 극복하기 위해 대역폭 확장 기술의 하나인 SBR을 MPEG-4 AAC에 적용한 것이다. MPEG-4 HE AAC의 높은 압축 효율은 이동통신 및 디지털 방송과 같이 전송 대역이나 저장 용량이 제한되거나 매우 값 비싼 응용 분야에 유용하다. 그리고 이전 AAC와 양방향 호환이 가능한 구조상의 유연성은 MPEG-4 HE AAC의 또 다른 장점이라고 할 수 있다. 세부 요소기술은 다음과 같다.

우선 MPEG-4 AAC(Advanced Audio Coding) 기술은 압축기술을 특정 응용 분야에 한정하는 대신 압축할 정보를 음성, 배경음악, 효과음 등 다양한 구성요소의 결합으로 처리하는 식으로 구성됐다는 점이 특징이다. 이 기술이 범용성과 객체기반 구성 및 조절성, 콘텐츠기반 상호작용성 등 새로운 개념을 도입할 수 있었던 것도 이런 이유다. 결과적으로 MPEG-4 오디오의 부호화 영역은 2kbps의 낮은 비트 전송률 음성 부호화에서부터 채널당 64kbps 이상의 고음질 오디오 부호화에 이르기까지 확장됐다. 이 가운에 일반적인 오디오 부호화의 영역에 해당하는 MPEG-4 AAC는 이전 MPEG-2 AAC를 기반으로 PNS(Perceptual Noise Substitution), LTP(Long-Term Prediction) 등의 알고리즘이 추가됐다. 이후 MPEG-4 GA는 에러레질리언스(Error Resilience), BSAC(Bit Sliced Arithmetic Coding) 등 신규 알고리듬을 수용하며 버전2로 발전했고, 버전3에 이르러 SBR과 AAC가 결합된 MPEG-4 HE AAC가 표준으로 자리잡았다.

SBR 기술의 기본원리는 오디오 신호의 고주파와 저주파 대역 사이에 높은 연관성이 존재한다는 가정에 기반을 둔다. 이는 저주파 대역의 정보를 이용해 고주파 대역 성분을 추정할 수 있다는 것을 의미한다. SBR의 첫 단계는 저주파 스펙트럼 데이터를 고주파 대역으로 복사하는 전위의 과정이다. 그런 다음 전 대역의 스펙트럼을 갖는 원본 오디오 신호의 스펙트럼 포락선과 전위 과정에서 포함되지 않고 제외될 가능성이 있는 고주파 성분을 보상하기 위해 필요한 추가 정보를 이용, 고주파 대역의 모양을 조정한다.

AAC는 SBR과 결합될 경우 AAC만 사용할 때보다 훨씬 높은 압축 효율을 갖게 되는데, 이는 SBR의 추가 정보가 매우 작아 AAC의 부호화 자원 대부분을 저주파 성분의 부호화에만 사용할 수 있기 때문이다. SBR과 결합된 AAC를 통상 ‘AAC+’ 또는 ‘aacPlus’라고 하며, 표준화이후 공식 명칭은 ‘MPEG-4 HE AAC’다.

3.멀티미디어 단말 기술

현재 국내의 이동통신사들은 무선 멀티미디어 서비스를 제공중이며, 단말기 제조업체들도 종전 소형화 경쟁에서 벗어나 다양한 기능성을 갖춘 동영상(VOD) 단말기를 앞다퉈 출시하고 있다. 게다가 초기 짧은 동영상 클립을 다운·재생해주던 단순 기능에서 벗어나 한시간 이상 동영상 녹화가 가능한 캠코더이나 ‘QVGA’급 해상도를 지원하는 휴대폰 및 디지털 카메라 수준의 메가픽셀 폰도 등장하는 추세다. 이런 멀티미디어 기능은 모뎀칩외에 별도 응용 프로세서상에 구현되며 현재 몇 종의 칩솔루션이 개발돼 있다.

멀티미디어 애플리케이션은 DHK&호스트 인터페이스와 멀티미디어모듈을 사용하며, 스트리밍·로컬·다운로드 서비스와 정지영상 및 동영상 기능을 제공한다. 각각의 응용 프로그램들은 메모리 오버레이 구조를 이용해 구동된다. 멀티미디어 알고리듬은 H.264 및 MPEG-4 HE AAC를 비롯, JPEG 인코더·디코더, MPEG4 비디오 인코더/디코더, EVRC 인코더·디코더를 포함하는 코덱솔루션과 카메라 센서를 통한 이미지 라이브러리, 무선 환경에 최적화된 무선 프로토콜 (RTP/RTCP/RTSP)로 구성된다. DHK&호스트 인터페이스는 DSP 응용 프로그램의 스와핑을 담당하며, 휴대폰 특성상 필요한 저전력 소모를 위해 절전 기능, 호스트와 안정적인 고속통신을 지원하는 기능 등을 제공한다.

H.264와 MPEG-4 HE AAC는 향후 적용분야도 무궁무진하다. 이 기술들이 매우 낮은 비트율에서도 뛰어난 화질과 음질을 제공하는 덕분이다. 따라서 플래시 메모리를 탑재한 휴대용 플레이어 등 파일기반 저장매체뿐만 아니라 디지털방송, 이동통신 네트워크와 같이 높은 압축 효율을 필요로 하는 응용 분야에도 적합하다. 또한 전송 대역이나 저장 용량은 부호화될 비디오/오디오 채널 수에 비례하기 때문에 높은 압축 효율은 다채널 환경에서도 유용하다고 할 수 있다. 최근 DVD 관련 표준화를 논의하는 DVD포럼에서도 H.264·MPEG-4 HE AAC를 미래 HD-DVD 플레이어의 표준 비디오·오디오 코덱으로 채택하는 등 그 우수성을 빠르게 인정받고 있는 추세다. 일례로 H.264 및 MPEG-4 HE AAC는 현재 SK텔레콤의 VOD 서비스 표준으로 채택되기도 했다. 또한 H.264는 현재 국내 위성 디지털멀티미디어방송(DMB) 및 지상파 DMB의 기술표준으로, MPEG-4 HE AAC는 국내 위성 DMB의 표준으로 각각 선정됐다.

구체적인 응용분야를 요약, 정리하면 다음과 같다.
• 무선통신 환경에서 멀티미디어 응용: 주문형비디오(VOD)/주문형음악(MOD)
• 무선통신을 통한 방송서비스: 지상파 DMB/위성 DMB
• 광(Optical) 및 자성(Magnetic)을 이용한 저장장치
• 유선 네트워크(ISDN, LAN, xDSL, 모뎀)을 이용한 VOD 및 스트리밍 서비스
• 휴대용 미디어 플레이어

'Digital TV' 카테고리의 다른 글

IPTV의 큰 난관  (0) 2007.10.03
LAN 관련 Spec  (0) 2006.04.10
Comparison of the DAB, DMB & DVB-H Systems  (0) 2006.04.01
DOCSIS 1.0 1.1 2.0  (0) 2006.02.11
MPEG4 AAC AVC 비교  (0) 2006.02.11
[펌] MPEG2 시스템(Transport Stream)  (0) 2006.02.11
Posted by 김용환 '김용환'
MPEG2 시스템, Transport Stream & packet distruction

MPEG비디오 비트열과 MPEG 오디오 비드열을 하나로 묶어 전송하거나 저장하기 위한 규경이 MPEG 시스템이다. 이렇게 하나의 비트열로 다중화할 때 통신 채널이나 저장 미디어 등이 갖는 프로토콜이나 저장 포맷에 적합한 형식으로 할 필요가 있다. 이와 함께 비디오와 오디오의 동기(lip sync)를 맞추는 수단을 제공하는 것도 MPEG 시스템의 중요한 역할이다.

MPEG시스템에는 이미 다룬바 있는 MPEG 1 시스템과 MPEG 2시스템이있다. MPEG 1 시스템은 단일 프로그램을 오류가 없는 채널 환경에서 다중화하므로, 비디오 CD등 비교적 좁은 범위의 응용분야에 사용된다. 보다 정확히는 채널이 가지고 있는 오류 정정 능력에 의해 오류가 수정되므로 MPEG 1 시스템에서는 오류를 고려할 필요가 없다. 이에 비해 MPEG 2 시스템은 방송, 통신, 저장 미디어 등 광범위한 응용분야에 대응하고 있어 그 포맷도 훨씬 복잡하다.

MPEG2 시스템에는 두 종류의 다중화 방식이 있다. 하나는 프로그램스트림(PS :Program Stream)이라고 불리는 것으로 단일 프로그램을 오류가 없는 채널 환경에서 다중화하는데, MPEG-1 시스템을 약간 개선한 것이다.

또 하나는 트랜스포트 스트림(TS :Transprot Stream)으로 오류가 있는 채널환경에서 복수의 프로그램을 다중화한다. 복수의 프로그램을 하나의 비트열로 다중화하므로 멀티미디어 시대의 디지털 TV방송 등에 적합하고 제한수신을 위한 스크램블 기능(비트열을 암호화하여 유료 가입자 이외에는 시청할 수 없게 하는것)을 부가할수 있도록 되어 있다. 또한 랜덤 액세스가 용이하도록 디렉토리 정보나 개별 비트열에 관한 정보 등을 실을 수 있다. PS는 이미 다룬 MPEG 1 시스템과 유사하므로 여기서는 주로 TS에 대해 기술한다.

MPEG 2 시스템은 시분할다중방식(TDM : Time Division Multiple.ing)에서 쓰이고 있는 패킷 다중화 방식을 채택하고 있다. 이때 비디오와 오디오 비트열은 각각을 우선 패킷이라 불리는 적당한 길이의 비트열(PES:Packetized Elementary Stream)로 분할한다. PES패킷은 다양한 응용에 대응하도록 길이의 상한을 64KB까지로 하고 있고, 각 패킷마다 고정길이나 가변길이 어느것이라도 취할수 있도록 하고 있다. 또한 가변 전송속도도 허용되고 있고 불연속적인 전송도 가능하다. 이 각각의 PES를 하나의 비트열로 다중화하여 PS나 TS를 만든다.

패킷 길이는 전송채널이나 매체에 크게 의존한다. 가령 광대역 종합정보통신망(BISDN)에 있어서의 프로토콜인 ATM(Asynchronous Transfer Mode.비동기 전달모드)에서는 53 바이트의 패킷(셀)을 사용한다. 이중 패킷에 관한 기본 정보를 담는 헤더가 5바이트를 차지하므로 실제 사용자 정보(Payload)는 48바이트이다. 이와같이 길이가 짧은 패킷은 헤더가 상대적으로 많은 비율을 점유하므로 사용자 정보의 전송효율이 떨어지지만 지연시간과 버퍼 메모리양이 적은 이점이 있다.

TS패킷은 ATM과의 접속성을 고려하여 1백88바이트의 비교적 짧은 고정길이를 가지고 있다. ATM 셀의 사용자 정보 48바이트중 한바이트를 AAL(ATM Adaptation Layer)용으로 사용하면 실제 사용자 정보는 47바이트가 된다.

따라서 하나의 TS패킷은 4개의 ATM 셀에 실어서 전송할 수 있다. 각 TS패킷의 첫 4바이트는 해더용이므로 나머지 1백84바이트가 실제 비디오나 오디오 등을 실어나르는 사용자정보 부분이다.

많은 응용분야에서 오류정정을 위한 부호를 부가하는데 TS 패킷의 길이는 이를 고려하여 결정되었다. 즉 블록 오류정정부호로서 가장 탁월한 성능을 갖는 리드솔로몬부호는 적용하려면 TS 패킷의 길이는 2백 55보다 충분히 작은 것이 바람직하므로 결국 ATM과의 접속성을 함께 만족시키는 1백88로 결정된 것이다.

한 예로 무궁화 위성을 이용한 디지털 방송에서는 각 TS 패킷에 16바이트의 오류정정부호를 부가한 RS(204,188)를 사용하고 있어 수신측에서 2백4바이트중 8바이트까지의 오류를 정정할수 있다. 많은 경우 군집오류에 강한 리드솔로몬 부호와 더불어 산발적 오류에 강한 길쌈부호(Convoltional Code) 혹은 길쌈부호를 변조부와 결합하여 성능을 개선하는 TCM(Trellis Coded Modulation)을 함께 사용하고 있다.

MPEG2 시스템에서는 두 종류의 다중화 비트열을 다룬다. 그중 프로그램스트림(Program Stream)은 하나의 방송 프로그램(비디오+오디오+자막)을 오류가 없는 채널 환경 혹은 CD 등에서 보는 바와 같이 매체자체의 오류정정 기능을 그대로 활용하는 경우에 사용하는 다중화 방법이고, 트랜스 포트 스트림(TS:Transport Stream)은 오류가 있는 채널 환경에서 여러개의 방송 프로그램을 동시에 보낼때 사용하는 다중화 방법이다. 예를 들면 비디오 CD처럼 하나의 프로그램을 저장할 때는 프로그램 스트림이 사용되고 무궁화 위성을 이용한 복수 프로그램의 디지털 방송에는 트랜스포트 스트림이 사용된다.

트랜스포트 스트림의 기능에 관해 무궁화 위성 방송의 예를 들어 보다 구체적으로 살펴보기로 하자. 무궁화위성은 (비록 1호기는 발사 실패로 수명이 단축되어 앞으로 발사도리 2호기가 그 역할을 대신하겠지만) 방송용 중계기3개와 통신용 중계기 12개를 가지는 방송,통신 겸용 위성이다. 위성방송에 있어서 현재 일본의 위성방송이나 홍콩의 스타 TV 등과 같은 아닐로그 FM 방식을 사용하면 중계기당 한 방송밖에 수용할 수 없지만, MPEG2를 이용한 디지털 방식을 사용하면 중계기당 4~8방송까지 수용할 수 있다. 우리나라의 경우 프로그램의 부족이나 화질등을 감안, 중계기당 4 방송을 고려하고있다. 이 위성방송에 있어서 다중화는 다음과 같은 단계로 이루어진다. 우선 각 방송국으로 부터의 프로그래이 비디오는 MPEG2 비디오, 오디오는 MPEG2 오디오 압축 알고리즘을 이용해 각각 30대1과 6대1정도로 압축된다. 이 압축된 비트열은 패킷 형태로 묶여져 각각 비디오 패킷과 오디오 패킷으로 변형된다. 이어서 이들을 1백88바이트의 고정길이를 갖는 트랜스포트 스트림 패킷 여러개의 차곡차곡 싣는다. 하나의 트랜스포트 패킷은 4바이트의 헤더를 제외하면 1백 84바이트의 실제 짐을 실을 수 있다. 마치 택시의 정원이 5명이지만 운전기사를 빼면 실제 승격은 4명인 탈 수 있는 것과 같은 원리이다. 헤더에는 13비트의 프로그램 식별정보(PID:program identification)가 포함되어, 이 패킷에 실린 짐이 어느 방송국의 무슨(즉 비디오인지 오디오인지)정보인지를 나타내는데 쓰인다.

이렇게 각 방송국에서 1차적으로 다중화되어 나오는 트랜스포트 패킷은 2차적으로 여러 방송국의 트랜스포트 패킷들이 또 다중화되어 하나의 비트열을 구성해 하나의 중계기를 통해 송출될 수 있는 형태가 된다. 이런 최종비트열이 중계기 수만큼 필요하다.

따라서 디지털 위성방송에 있어서의 다중화는 시분할 다중화(TCM:Time Division Multiple.ing)와 주파수분할다중화(FDM:Frequency Division Multiplex)가 결합되어 있다. 즉 중계기들은 각각 27MHz의 대역폭을 가지면서 FDM의 형태로 운용되지만 한 중계기를 4개 방송사가 TDM방식으로 공유하는 것이다. 각각의 중계기에 실린 트랜스포트 스트림은 에러 정정을 위해 리드솔로몬 부화와 길쌈부호가 행해지고 QPSk 변조를 통해 지상과 위성간에 전송이 이루어진다.

수신기에서의 트랜스포트 스트림의 복호시에는 위의 역과정이 행해지다.

우선수신하고자 하는 방송이 들어있는 중계기를 선택해 QPSK 복조하고 에러 정정을 행한다. 이 출력은 여러 방송이 다중화된 비트열이므로 우선 수신하고자 하는 방송국의 트랜스포트 패킷만을 골라내고, 이중 비디오 패킷은 비디오 디코더에서, 오디오 패킷은 오디오 디코더에서 각각 복호함으로써 영상과 음향을 재생하게 된다. 이와 같은 다단계 동작을 위해 몇가지 프로그램 관련정보 테이블(PSI:program specific information)이 필요하게 된다.

PAT(Program Association Table)는 PID=0인 패킷으로, 각 프로그램 마다 트랜스포트 패킷을 할당해 주는 역할을 한다. 이렇게 지정된 패킷에 가보면 거기에서는 그 프로그램을 구성하는 비디오와 오디오 비트열이 어떤 패킷에 실려오는지를 알려주는데 이를 PMT(Program Map Table)라 한다. 이렇게 PAT와 PMT로 나누어서 트리형태로 기술하는 이유는, 하나의 테이블로 모두 기술하면 이 테이블이 너무 커져 테이블을 기억시킬 메모리가 커지게 되고, 또한 테이블의 후반부에 기술되는 프로그램의 정보를 액세스하는데 시간이 오래 걸리기 때문이다.

이밖에도 중계기와 프로그램간의 링크 정보를 담는 NIT(Networt Inform action Table)와 조건부 수신 정보를 담는 CAT(Conditional Access Table)등이 시스템 운용을 위한 부가정보 테이블로 사용된다.

'Digital TV' 카테고리의 다른 글

IPTV의 큰 난관  (0) 2007.10.03
LAN 관련 Spec  (0) 2006.04.10
Comparison of the DAB, DMB & DVB-H Systems  (0) 2006.04.01
DOCSIS 1.0 1.1 2.0  (0) 2006.02.11
MPEG4 AAC AVC 비교  (0) 2006.02.11
[펌] MPEG2 시스템(Transport Stream)  (0) 2006.02.11
Posted by 김용환 '김용환'