Alon Zahavi:
> # When executing _open_shadow from dirUSB, the capabilities should not
> work (because nosuid)
> + getcap ./dirUSB/_open_shadow
> ./dirUSB/_open_shadow = cap_dac_read_search+eip
> + ./dirUSB/_open_shadow
> [1]    4372 segmentation fault (core dumped)  ./dirUSB/_open_shadow

Do you mean that "_open_shadow" is suid-ed?
Although I don't know how the command behaves, are you sure that the
command will work if you run "mount -o remount,suid"?


> # When executing it from the aufs-root it works (bypassing nosuid)
> + ./aufs-root/_open_shadow | tail -n2
> test:********/******************.***********./**********:18792:0:99999:7:::

What will happen to the command after "mount -o remount,nosuid ./aufs-root"?


> # When using the aufs copy_up, the driver "copies" it with the capabilities.
> + touch ./aufs-root/_open_shadow
> + getcap -r ./
> ./dir2/_open_shadow = cap_dac_read_search+eip
> ./aufs-root/_open_shadow = cap_dac_read_search+eip
> ./dirUSB/_open_shadow = cap_dac_read_search+eip

Yes, it should be.


J. R. Okajima
