Hello. The POSIX capability mechanism is the OS privilege mechanism,
I found a strange behavior with kernel 2.6.9 and later. (I haven't tested 2.6.8 and earlier.)
It seems to me that every program calls capable(CAP_SYS_ADMIN),
even programs such as cat(1), sed(1) and ls(1).
My environment is Fedora Core 3.
The following is the patch for checking.
----- Start of Patch -----
*** sched.h.org Sat Dec 25 06:33:59 2004
--- sched.h Wed Dec 29 13:00:53 2004
***************
*** 870,875 ****
--- 870,882 ----
#else
static inline int capable(int cap)
{
+ if (cap == CAP_SYS_ADMIN) {
+ static pid_t last_pid = 0;
+ if (current->pid != last_pid) {
+ printk("euid=%d uid=%d %s %s\n", current->euid, current->uid, cap_raised(current->cap_effective, CAP_SYS_ADMIN) ? "true" : "fa
lse", current->comm);
+ last_pid = current->pid;
+ }
+ }
if (cap_raised(current->cap_effective, cap)) {
current->flags |= PF_SUPERPRIV;
return 1;
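Review bot: the printk added at the top of capable() records who was checked (euid, uid, comm) but not which kernel path asked for CAP_SYS_ADMIN, so the output cannot show why every program triggers the check. Add dump_stack() next to the printk, or print __builtin_return_address(0), so each message identifies its call site. Two smaller points in the same block: `static pid_t last_pid` sits inside a `static inline` function in a header, so every object file that includes sched.h gets its own copy and the once-per-pid filter is neither global nor safe against concurrent callers, which means repeated or interleaved messages are expected; and the printk call has no log level, so a KERN_DEBUG prefix would keep it off the console on a busy system.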
----- End of Patch -----
Programs run as root always show "true", and programs run as non-root always show "false",
but that will be OK.
I can't understand why every program checks for CAP_SYS_ADMIN.
With 2.4.28 and RedHat 9, no such behavior happens.
Is this normal behavior for 2.6?