Package: kernel-image-2.6.8-1-k7 Severity: wishlist
Jens Axboe wrote: > On Mon, Oct 04 2004, Luke Kenneth Casson Leighton wrote: > >>found it. >> >>it's a new piece of kernel code verify_command in >>drivers/block/scsi_ioctl.c, which checks for the capability >>CAP_SYS_RAWIO. >> >>ah, dammit. >> >>for k3b to work, you'd have to install it setuid root, call >>getcap(), remove all but the necessary capabilities (i.e. don't >>remove CAP_SYS_RAWIO), do a setfsuid() and setfsgid() and do >>a setcap(). > > > it works in 2.6.9-rcX. > I don't know for sure if this is related or not, but it sure sounds like it. I have noticed the following in at least the last few versions (I believe 2.6.9-rc2 also): Even though CONFIG_SECURITY_CAPABILITIES can be configured as a module, if I don't compile it into the kernel getcap and setcap fail. kr -- System Information: Debian Release: testing/unstable Architecture: i386 Kernel: Linux highfield 2.6.7-selinux1 #15 Wed Sep 29 14:04:23 BST 2004 i686 Locale: LANG=C, LC_CTYPE=C
