Hopefully not a flamewar question... Currently, capabilities of a process are reset during exec() system call. At least effective+permitted set.
1) In case new uid != 0, all the caps are cleared, so it is not possible to execute a program as non-root but still give it some capabilities (like, say, CAP_NET_BIND_SERVICE). 2) In case new uid == 0, effective and permitted sets are restored to all-ones. This is regardless of other settings, like prctl(KEEPCAPS), or the current set of capabilities. I partly understand why 2) is done - in case of setuid binary being executed, all the capabilities are set for it. But this breaks executing non-setuid binaries too -- for example, it'd be very nice to be able to chroot to some directory, and remove CAP_SYS_CHROOT (and other evil caps like CAP_SYS_MODULE, CAP_SETPCAP) -- this way, with minimal efforts, chroot will work almost (yes, I understand it's not entirely the same) the same as BSD jail(2) concept. So the question is: why capability sets are being reinitialized during exec()? At least in 2.4 era, they weren't... and stuff like execcap, sucaps etc was working. Now they aren't anymore. Thanks. /mjt - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
