| 1 |
I'm trying to add NET_ADMIN capability to an executable that needs to |
| 2 |
create a tun inteface. AFACIT, this is the command to do that: |
| 3 |
|
| 4 |
$ sudo setcap cap_net_admin+ep example_app |
| 5 |
Failed to set capabilities on file `example_app' (Operation not supported) |
| 6 |
|
| 7 |
The only possible cause for that message Google has been able fo find |
| 8 |
is that the FS doesn't have xattr support. It's an ext4 filesystem, |
| 9 |
and I believe xattr support is enabled: |
| 10 |
|
| 11 |
$ rm -f xattr-test |
| 12 |
$ touch xattr-test |
| 13 |
$ setfattr -n user.test -v "hello" xattr-test |
| 14 |
$ getfattr -d xattr-test |
| 15 |
# file: xattr-test |
| 16 |
user.test="hello" |
| 17 |
|
| 18 |
(AFAICT, there's no way to disable xattr support in ext4.) |
| 19 |
|
| 20 |
I've also found sources that mention that in the kernel configuration |
| 21 |
under 'enable different security models' you have to enable the |
| 22 |
'capabilities' option. But, that option doesn't seem to exist in 5.10 |
| 23 |
kernels. The only occurances of the string CAPAB in 5.10 Kconfig files |
| 24 |
is CPU_THUMB_CAPABLE |
| 25 |
|
| 26 |
What do I need to do to get setap to work? |
| 27 |
|
| 28 |
-- |
| 29 |
Grant |
Archives