1 |
I'm trying to add NET_ADMIN capability to an executable that needs to |
2 |
create a tun inteface. AFACIT, this is the command to do that: |
3 |
|
4 |
$ sudo setcap cap_net_admin+ep example_app |
5 |
Failed to set capabilities on file `example_app' (Operation not supported) |
6 |
|
7 |
The only possible cause for that message Google has been able fo find |
8 |
is that the FS doesn't have xattr support. It's an ext4 filesystem, |
9 |
and I believe xattr support is enabled: |
10 |
|
11 |
$ rm -f xattr-test |
12 |
$ touch xattr-test |
13 |
$ setfattr -n user.test -v "hello" xattr-test |
14 |
$ getfattr -d xattr-test |
15 |
# file: xattr-test |
16 |
user.test="hello" |
17 |
|
18 |
(AFAICT, there's no way to disable xattr support in ext4.) |
19 |
|
20 |
I've also found sources that mention that in the kernel configuration |
21 |
under 'enable different security models' you have to enable the |
22 |
'capabilities' option. But, that option doesn't seem to exist in 5.10 |
23 |
kernels. The only occurances of the string CAPAB in 5.10 Kconfig files |
24 |
is CPU_THUMB_CAPABLE |
25 |
|
26 |
What do I need to do to get setap to work? |
27 |
|
28 |
-- |
29 |
Grant |