Re: [PATCH 1/1] security: introduce fs caps

[Serge E. Hallyn]

Quoting Bill O'Donnell (billodo@xxxxxxx):
> On Thu, Nov 09, 2006 at 10:33:49AM +0100, Chris Friedhoff wrote:
> | Page http://www.friedhoff.org/fscaps.html updated ...
> | Kernel 2.6.18.2 updated ...
> | System keeps on humming ...
> | Is anyone else using/testing the patch? Please give feedback ...
> 
> Most likely a cockpit error, but I'm having trouble when I give the 
> capability to ping (using the userexample from your fscaps page):
> 
> $ uname -a
> Linux certify 2.6.19-rc3 #3 SMP PREEMPT Mon Nov 13 14:40:54 CST 2006 ia64
> 
> $ sudo chmod 711 /bin/ping
> $ ping -c 1 localhost
> ping: icmp open socket: Operation not permitted
> 
> $ sudo setfcaps cap_net_raw=ep /bin/ping           
> /bin/ping: Function not implemented (errno=38)
> 
> Any help is appreciated.

Hmm, two things which come to mind are (a) do you have extended
attributes compiled into your kernel and (b) is sudo properly set
up.

But for (a) to be the case, you should be getting EOPNOTZSPUP (98),
not ENOSYS (38).

Could you send me a copy of your .config, tell me which filesystem
you are using, and send the /tmp/straceout after doing

	strace -o/tmp/straceout -f setfcaps cap_net_raw=ep /bin/ping

as root?

thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/