capabilities ignored for non-root? (reprise)

From: Eric R. Buddington (ebuddington@mail.wesleyan.edu)
Date: Sat Apr 08 2000 - 13:15:38 EST


Sorry for the repost; I forgot to mention that I'm running kernel 2.2.14
with Ben Grear's VLAN patch and init's capabilities tweaked to be ~0 (so I
can re-capabilize running processes).

Playing with capabilities recently, I found that I can give capabilities
to an existing non-root shell as expected (using the 'setpcaps' program),
but these capabilities are in name only:

--------------------------
bash-2.03$ getpcaps $$
Capabilities for `4691': =i

<switch to root shell, run "setpcaps =eip 4691", switch back>

bash-2.03$ getpcaps $$
Capabilities for `4691': =eip
bash-2.03$ renice -10 $$
renice: 4691: setpriority: Permission denied
bash-2.03$ bash
bash-2.03$ getpcaps $$
Capabilities for `4738': =i
bash-2.03$
--------------------------

The existence of 'sucap' suggests that using capabilities in non-root
processes is in the master plan. Is it just not implemented yet, or am I
missing something?

-Eric

p.s. if anyone can spare a clue - where is capable(CAP_WHATEVER) defined
in the kernel source? Can't find it anywhere...
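
An added example, not part of the original post: a small C checker that decodes the capability masks in /proc/<pid>/status text and reports whether CAP_SYS_NICE (bit 23, the capability that gates renice to a negative value) is set in each set. The field names CapInh/CapPrm/CapEff are assumed to be exposed by the kernel in use, the status text is a constructed sample, and the helper names are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_NICE_BIT 23   /* CAP_SYS_NICE in <linux/capability.h> */

/* Constructed sample (not real output): only the inheritable set is populated. */
static const char SAMPLE_STATUS[] =
    "Pid:\t4691\n"
    "CapInh:\t00000000ffffffff\n"
    "CapPrm:\t0000000000000000\n"
    "CapEff:\t0000000000000000\n";

/* Find "field:" at the start of a line and parse its hex mask. 0 on success, -1 otherwise. */
int cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t n = strlen(field);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            const char *v = p + n + 1;
            while (*v == ' ' || *v == '\t') v++;
            if (!isxdigit((unsigned char)*v)) return -1;  /* empty value: do not read the next line */
            *mask = strtoull(v, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;                 /* field not present */
}

/* 1 if bit `cap` is set in the named set, 0 if clear, -1 if the set cannot be read. */
int has_cap(const char *status, const char *set, int cap)
{
    uint64_t mask;
    if (cap < 0 || cap > 63 || cap_field(status, set, &mask) != 0)
        return -1;
    return (int)((mask >> cap) & 1);
}

int main(void)
{
    static const char *sets[] = { "CapInh", "CapPrm", "CapEff" };
    for (int i = 0; i < 3; i++)
        printf("%-6s CAP_SYS_NICE=%d\n", sets[i], has_cap(SAMPLE_STATUS, sets[i], CAP_SYS_NICE_BIT));
    return 0;
}
```

To check a live process, pass the contents of its status file to has_cap() in place of the sample.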



This archive was generated by hypermail 2b29 : Sat Apr 15 2000 - 21:00:11 EST