| 1 |
On Sat, 17 Dec 2016 12:22:19 -0800, Ian Zimmerman (itz@×××××××.net) |
| 2 |
wrote about "[gentoo-user] capabilities" (in |
| 3 |
<20161217201730.9642.0F28DB3E@××××××××××××××××××××.com>): |
| 4 |
|
| 5 |
[snip] |
| 6 |
> root@matica ~ # getcap /bin/ping |
| 7 |
> Failed to get capabilities of file `/bin/ping' (Operation not supported) |
| 8 |
> root@matica ~ # |
| 9 |
> |
| 10 |
> Any idea what could be wrong? It looks like the kernel code is always |
| 11 |
> built in nowadays - there is no kernel build option or loadable module |
| 12 |
> that I might have forgotten. |
| 13 |
|
| 14 |
In order for getcap to succeed, there must have been a setcap performed |
| 15 |
when the binary was built. |
| 16 |
|
| 17 |
The POSIX capabilities are stored in the extended attributes of the |
| 18 |
binary program's directory entry. If the build process did not perform a |
| 19 |
setcap, those extended attributes will be missing. You might also need |
| 20 |
to enable acl and/or user_xattr in the mount options for the filesystem |
| 21 |
in /etc/fstab for setcap to work. |
| 22 |
|
| 23 |
HTH |
| 24 |
-- |
| 25 |
Regards, |
| 26 |
|
| 27 |
Dave [RLU #314465] |
| 28 |
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* |
| 29 |
dwnoon@××××××××.com (David W Noon) |
| 30 |
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* |
Archives