Re: How does one use capabilities

Newsgroups comp.os.linux.development.apps
Date 2014-02-12 13:59 -0800
References <5d3aec9e-51c1-4a9a-801c-6281a8e62648@googlegroups.com> <ldffki$4q0$1@gonzo.reversiblemaps.ath.cx>
Message-ID <f08d472b-5692-4dfd-aa46-8e5418558186@googlegroups.com> (permalink)
Subject Re: How does one use capabilities
From Andrew Falanga <af300wsm@gmail.com>


On Wednesday, February 12, 2014 2:41:38 AM UTC-7, Jasen Betts wrote:
> On 2014-02-12, Andrew Falanga <af300wsm@gmail.com> wrote:
> 
> > Hi,
> 
> 
> 
> should be 
> 
> #include <sys/capability.h>
> 

Yes, yes, the actual does have this because I compiled, linked and ran.  Sorry for the poor job of quickly typing in the text box.  (Really should have copy/pasted).

> 
> 
> >
> 

> should be 
> 
>   cap_to_text(caps,NULL) 

This is what I used.

> 
>   
> 
> , which leaks memory, but at least doesn't give undefined behaviour.

Didn't know it leaked memory though.

> 
> well, in spite of all that it seems to be working.
> 
> try running it as root.

So apparently it was working for me and the process had an empty set of capabilities.  When I run as root, instead of

Capabilities: =

when run as root I get:

Capabilities: =ep

I do not understand then how capabilities are set on a per-process basis.  I've read enough to know that, ordinarily, a process cannot up its capabilities but can temporarily drop and then reestablish them (given they can do that).  Is this understanding correct?  How are capabilities initially set?  Is it expected that an unprivileged process should contain an empty set of capabilities?  If so, then how could *any* process do anything with their set of capabilities?

Andy
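
Added example, not part of the original post and not libcap's own code: a C program that exercises the drop-and-reestablish behaviour asked about above, and shows that a request for permitted bits the process lacks leaves the permitted set unchanged. It calls the raw capget(2)/capset(2) syscalls instead of libcap so it builds without the library; `capdata`, `caps_io`, `drop_and_restore` and `try_gain` are names made up for this illustration.

```c
/* Added example: raw capget(2)/capset(2), so it builds without libcap. */
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

typedef struct __user_cap_data_struct capdata[2];  /* low and high 32 bits of each set */

/* Issue SYS_capget or SYS_capset for the calling thread; 0 on success. */
static int caps_io(long nr, capdata d)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(nr, &h, d);
}

/* Clear the effective set, then raise it back to its old value, which the
 * kernel allows because it stays within permitted. 0 if both steps held. */
static int drop_and_restore(void)
{
    capdata orig, now;
    if (caps_io(SYS_capget, orig) != 0) return -1;
    memcpy(now, orig, sizeof now);
    now[0].effective = now[1].effective = 0;
    if (caps_io(SYS_capset, now) != 0 || caps_io(SYS_capget, now) != 0) return -2;
    if (now[0].effective != 0 || now[1].effective != 0) return -3;
    if (caps_io(SYS_capset, orig) != 0 || caps_io(SYS_capget, now) != 0) return -4;
    return memcmp(now, orig, sizeof now) == 0 ? 0 : -5;
}

/* Ask for every permitted bit; 0 if the permitted set is unchanged afterwards. */
static int try_gain(void)
{
    capdata orig, want, after;
    if (caps_io(SYS_capget, orig) != 0) return -1;
    memcpy(want, orig, sizeof want);
    want[0].permitted = want[1].permitted = 0xffffffffu;
    (void)caps_io(SYS_capset, want);   /* EPERM when any requested bit is missing */
    if (caps_io(SYS_capget, after) != 0) return -1;
    return memcmp(after, orig, sizeof after) == 0 ? 0 : -2;
}

int main(void)
{
    capdata d;
    if (caps_io(SYS_capget, d) != 0) return 1;
    printf("eff=%08x%08x prm=%08x%08x\n", d[1].effective, d[0].effective, d[1].permitted, d[0].permitted);
    printf("drop_and_restore=%d try_gain=%d\n", drop_and_restore(), try_gain());
    return 0;
}
```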

Thread

How does one use capabilities Andrew Falanga <af300wsm@gmail.com> - 2014-02-11 17:00 -0800
  Re: How does one use capabilities Jasen Betts <jasen@xnet.co.nz> - 2014-02-12 09:41 +0000
    Re: How does one use capabilities Andrew Falanga <af300wsm@gmail.com> - 2014-02-12 13:59 -0800
      Re: How does one use capabilities Jasen Betts <jasen@xnet.co.nz> - 2014-02-13 11:47 +0000
        Re: How does one use capabilities Joe Beanfish <joebeanfish@nospam.duh> - 2014-02-13 14:12 +0000