This capability is intended to alleviate a security issue associated with dynamic loading. The user must have root authority to dynamically load, and a WLI administrator key must grant dlkm capability directly or through another authorized key.
1.2.4api
WLI permits an application to execute functions contained within the shared object library /opt/ wli/lib/libwliapi.so by granting api capability. This library provides functions to programmatically create, delete, and update policies described in Section 1.1 (page 9). The key signing the executable that invokes libwliapi.so functions must be granted api capability through wlicert. The executable is not required to have api capability.
The services provided by libwliapi are also provided by the wlipolicy command to users holding an authorized key. For an implementation example using libwliapi, see “libwliapi example” (page 45).
1.2 Capabilities | 11 |