I'm trying to add NET_ADMIN capability to an executable that needs to
create a tun interface. AFAICT, this is the command to do that:

   $ sudo setcap cap_net_admin+ep example_app
   Failed to set capabilities on file `example_app' (Operation not supported)

The only possible cause for that message Google has been able to find
is that the FS doesn't have xattr support. It's an ext4 filesystem,
and I believe xattr support is enabled:

   $ rm -f xattr-test
   $ touch xattr-test
   $ setfattr -n user.test -v "hello" xattr-test
   $ getfattr -d xattr-test
   # file: xattr-test
   user.test="hello"

(AFAICT, there's no way to disable xattr support in ext4.)

I've also found sources that mention that in the kernel configuration
under 'enable different security models' you have to enable the
'capabilities' option. But, that option doesn't seem to exist in 5.10
kernels. The only occurrence of the string CAPAB in 5.10 Kconfig files
is CPU_THUMB_CAPABLE.

What do I need to do to get setcap to work?

--
Grant
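
Added example, not part of the original message: file capabilities are stored in the `security.capability` extended attribute, a different xattr namespace from the `user.*` one tested above, and on ext4 the `security.*` handler is built only when `CONFIG_EXT4_FS_SECURITY` is enabled. The helper names `security_xattr_symbol` and `filecap_check` are hypothetical, and the config fragment is constructed sample input.

```shell
#!/bin/sh
# Map a filesystem type to the Kconfig symbol that builds its security.*
# xattr handler. Only filesystems with a known symbol are listed.
security_xattr_symbol() {
    case "$1" in
        ext4)  echo CONFIG_EXT4_FS_SECURITY ;;
        ext2)  echo CONFIG_EXT2_FS_SECURITY ;;
        f2fs)  echo CONFIG_F2FS_FS_SECURITY ;;
        jffs2) echo CONFIG_JFFS2_FS_SECURITY ;;
        *)     return 1 ;;
    esac
}

# filecap_check FSTYPE CONFIG_FILE
# Returns 0 if the security.* handler is built in (=y), 1 if it is not,
# 2 if the filesystem type is not in the table above.
filecap_check() {
    sym=$(security_xattr_symbol "$1") || {
        echo "unknown: no security-xattr symbol listed for $1"
        return 2
    }
    if grep -q "^${sym}=y\$" "$2"; then
        echo "ok: ${sym}=y, security.capability can be stored on $1"
    else
        echo "missing: ${sym}, setting security.capability on $1 is not supported"
        return 1
    fi
}

# Constructed sample: an ext4 config where user.* xattrs work but
# security labels are not built, so a user.test check would still pass.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
CONFIG_EXT4_FS=y
CONFIG_EXT4_FS_POSIX_ACL=y
# CONFIG_EXT4_FS_SECURITY is not set
EOF
filecap_check ext4 "$sample_cfg" || true
rm -f "$sample_cfg"
```

On a running system the second argument would be the kernel's own configuration, for example a decompressed copy of `/proc/config.gz` where the kernel provides it.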



