Package: libcap-bin
Version: 1:1.10-14
Severity: important
Hi Michael,
I've been trying to evaluate the status of the POSIX capability patch that's
included in the Debian PAM package in relation to bug #153157, and I'm
having some serious doubts that the libcap-bin programs actually work:
$ su
Password:
# /sbin/getpcaps $$
Capabilities for `13995': =ep cap_setpcap-ep
# sucap vorlon vorlon /bin/bash
Caps: =ep cap_setpcap-ep
Caps: =
[debug] uid:1000, real uid:1000
sucaps: capsetp: Operation not permitted
sucap: child did not exit cleanly.
#
Is this related to the fact that all of these processes seem to have an
empty set of inheritable capabilities? Is it a general problem of
capabilities support in recent kernels?
From what I see, if I can't set an inheritable capability, capability
support in pam_limits isn't much use and should be dropped.
Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
[EMAIL PROTECTED] http://www.debian.org/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]