Newsgroups: comp.os.linux.development.apps
Date: Wed, 12 Feb 2014 13:59:22 -0800 (PST)
Subject: Re: How does one use capabilities
From: Andrew Falanga

On Wednesday, February 12, 2014 2:41:38 AM UTC-7, Jasen Betts wrote:
> On 2014-02-12, Andrew Falanga wrote:
> > Hi,
>
> should be
>
> #include

Yes, yes, the actual does have this because I compiled, linked and ran. Sorry for the poor job of quickly typing in the text box. (Really should have copy/pasted).

> >
>
> should be
>
> cap_to_text(caps,NULL)

This is what I used.

> ,which leaks memory, but at least doesn't give undefined behaviour.

Didn't know it leaked memory though.

> well, in spite of all that it seems to be working.
>
> try running it as root.

So apparently it was working for me and the process had an empty set of capabilities. When I run as root, instead of

Capabilities: =

when run as root I get:

Capabilities: =ep

I do not understand then how capabilities are set on a per process basis. I've read enough to know that, ordinarily, a process cannot up its capabilities but can temporarily drop and then reestablish them (given they can do that). Is this understanding correct? How are capabilities initially set? Is it expected that an unprivileged process should contain an empty set of capabilities? If so, then how could *any* process do anything with their set of capabilities?

Andy
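
The two outputs reported in the message above ("=" for an ordinary user, "=ep" as root) correspond to the CapInh/CapPrm/CapEff bit masks the kernel publishes in /proc/<pid>/status: all zero in the first case, every capability set in permitted and effective in the second. The following is an added example, not code from the original post; the status excerpts are constructed and the helper names are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CAP_NET_RAW_BIT 13  /* value of CAP_NET_RAW in <linux/capability.h> */
struct capsets { uint64_t inheritable, permitted, effective; };
/* Constructed samples (not from the post); helper names are hypothetical. */
const char SAMPLE_UNPRIV[] =
    "Name:\tcaptest\nCapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";
const char SAMPLE_ROOT[] =
    "Name:\tcaptest\nCapInh:\t0000000000000000\n"
    "CapPrm:\t0000001fffffffff\nCapEff:\t0000001fffffffff\n";

/* Read the hex mask from the line that starts with "<key>:"; -1 if absent. */
static int cap_field(const char *text, const char *key, uint64_t *out)
{
    size_t klen = strlen(key);
    for (const char *p = text; p && *p; ) {
        if (strncmp(p, key, klen) == 0 && p[klen] == ':') {
            const char *v = p + klen + 1;
            while (*v == ' ' || *v == '\t') v++;
            if (!isxdigit((unsigned char)*v)) return -1;  /* empty value */
            *out = strtoull(v, NULL, 16);
            return 0;
        }
        if ((p = strchr(p, '\n')) != NULL) p++;  /* advance to next line */
    }
    return -1;
}

int parse_cap_status(const char *text, struct capsets *c)
{
    return (cap_field(text, "CapInh", &c->inheritable) ||
            cap_field(text, "CapPrm", &c->permitted) ||
            cap_field(text, "CapEff", &c->effective)) ? -1 : 0;
}
int cap_in(uint64_t set, int cap) { return (int)((set >> cap) & 1); }

int main(void)
{
    const char *in[] = { SAMPLE_UNPRIV, SAMPLE_ROOT };
    for (int i = 0; i < 2; i++) {
        struct capsets c;
        if (parse_cap_status(in[i], &c)) return 1;
        printf("eff=%#llx net_raw=%d\n",
               (unsigned long long)c.effective, cap_in(c.effective, CAP_NET_RAW_BIT));
    }
    return 0;
}
```

To inspect a live process, pass the contents of /proc/self/status (or another PID's status file) to parse_cap_status instead of the constructed samples.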