1 |
On Sat, 17 Dec 2016 12:22:19 -0800, Ian Zimmerman (itz@×××××××.net) |
2 |
wrote about "[gentoo-user] capabilities" (in |
3 |
<20161217201730.9642.0F28DB3E@××××××××××××××××××××.com>): |
4 |
|
5 |
[snip] |
6 |
> root@matica ~ # getcap /bin/ping |
7 |
> Failed to get capabilities of file `/bin/ping' (Operation not supported) |
8 |
> root@matica ~ # |
9 |
> |
10 |
> Any idea what could be wrong? It looks like the kernel code is always |
11 |
> built in nowadays - there is no kernel build option or loadable module |
12 |
> that I might have forgotten. |
13 |
|
14 |
In order for getcap to succeed, there must have been a setcap performed |
15 |
when the binary was built. |
16 |
|
17 |
The POSIX capabilities are stored in the extended attributes of the |
18 |
binary program's directory entry. If the build process did not perform a |
19 |
setcap, those extended attributes will be missing. You might also need |
20 |
to enable acl and/or user_xattr in the mount options for the filesystem |
21 |
in /etc/fstab for setcap to work. |
22 |
|
23 |
HTH |
24 |
-- |
25 |
Regards, |
26 |
|
27 |
Dave [RLU #314465] |
28 |
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* |
29 |
dwnoon@××××××××.com (David W Noon) |
30 |
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* |