Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.linux.development.apps > #655

Re: How does one use capabilities

Show all headers | View raw

On Thu, 13 Feb 2014 11:47:59 +0000, Jasen Betts wrote:

> On 2014-02-12, Andrew Falanga <af300wsm@gmail.com> wrote:
>>
>> Capabilities: =ep
>>
>> I do not understand then how capabilities are set on a per process
>> basis.  I've read enough to know that, ordinarily, a process cannot up
>> its capabilities but can temporarily drop and then reestablish them
>> (given they can do that).  Is this understanding correct?  How are
>> capabilities initially set?  Is it expected that an unprivileged
>> process should contain and empty set of capabilities?  If so, then how
>> could *any* process do anything with their set of capabilities?
> 
> I don't either, the man pages are long and deep, and offer teach me more
> than I am prepared prepared to learn at this time.
> 
> man 7 capabilities, there might be something in LPG too.

That's the whole idea. Capabilities are per process. RTM as Jasen
suggested. You can start thinking of capabilities as a sort of fine
grained su/root/superuser privilege. So some process with permission to
set capabilities can assign new capabilities to a process. Use "capsh" to
play with it.

Back to comp.os.linux.development.apps | Previous | Next — Previous in thread | Find similar

Thread

How does one use capabilities Andrew Falanga <af300wsm@gmail.com> - 2014-02-11 17:00 -0800
  Re: How does one use capabilities Jasen Betts <jasen@xnet.co.nz> - 2014-02-12 09:41 +0000
    Re: How does one use capabilities Andrew Falanga <af300wsm@gmail.com> - 2014-02-12 13:59 -0800
      Re: How does one use capabilities Jasen Betts <jasen@xnet.co.nz> - 2014-02-13 11:47 +0000
        Re: How does one use capabilities Joe Beanfish <joebeanfish@nospam.duh> - 2014-02-13 14:12 +0000

csiph-web