How to use linux capability

mshang · 02-12-2006, 03:22 PM

does anyone know how to use linux capability commands, including getcaps, setcaps, sucap and execcap.

I tried many times, like
#getpcaps $$
Capabilities for '2735': =ep cap_setpcap-eq
#setpcaps CAP_SETUID+p 2735
[caps set to: = cap_setuid+p]
Failed to set cap's on process '2735': (Operating not permitted)

Actually I also tried other processes, cannot achieve on any process. Could someone tell me how to use it in correct way?

unSpawn · 02-14-2006, 08:32 AM

AFAIK this doesn't work and any digging around reveals the package to be b0rken or a kernel needed with SETCAP(?) flags. If you want to take away caps on a "global" scale (like module loading) I would suggest using Spoon's lcap package, elif you want to take away per-process caps use features from SELinux or GRSecurity's RBAC.

mshang · 02-14-2006, 02:00 PM

Since I don't want to disable all capabilty, I want to play with it and make sure how it works. The message "operation is not permitted" just stuck me there.

My system is fedora core4. Any suggestions to make it work? Thanks!

unSpawn · 02-15-2006, 08:42 AM

Any suggestions to make it work?
None except maybe look into SELinux or GRSecurity RBAC.