I now am doing some work on linux kernel.I want to reduce the
capabilitis of the executable file which has "S" bit. from beginning ,I do from "ping" .I drop of some of useless capability of
ping's when it is running in the kernel .but when I use the "my new" ping now,I always get system information "ping: icmp open socket
peration not permitted!"I think I have give it enough capabilities: they are CAP_MKNOD and CAP_NET_RAW. I also get ping 's source code ,it says:it has to run suid to become root" I can't understand it's meaning!I have given ping "euid=0".I read some kernel source code of the part of net and vfs ,but can't find where to produce the error msg"ping: icmp open socket
peration not permitted"I think if I can find where it is I will know what to do next!
So if kernel has do something else check?
pls tell me and help me !