Bug#274880: kernel-image-2.6.8-1-k7: CAPABILITIES module needs to be compiled in-kernel for getcap and setcap to work
Package: kernel-image-2.6.8-1-k7
Severity: wishlist
Jens Axboe wrote:
> On Mon, Oct 04 2004, Luke Kenneth Casson Leighton wrote:
>
>>found it.
>>
>>it's a new piece of kernel code verify_command in
>>drivers/block/scsi_ioctl.c, which checks for the capability
>>CAP_SYS_RAWIO.
>>
>>ah, dammit.
>>
>>for k3b to work, you'd have to install it setuid root, call
>>getcap(), remove all but the necessary capabilities (i.e. don't
>>remove CAP_SYS_RAWIO), do a setfsuid() and setfsgid() and do
>>a setcap().
>
>
> it works in 2.6.9-rcX.
>
I don't know for sure if this is related or not, but it sure sounds like
it. I have noticed the following in at least the last few versions (I
believe 2.6.9-rc2 also): Even though CONFIG_SECURITY_CAPABILITIES can be
configured as a module, if I don't compile it into the kernel getcap and
setcap fail.
kr
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux highfield 2.6.7-selinux1 #15 Wed Sep 29 14:04:23 BST 2004 i686
Locale: LANG=C, LC_CTYPE=C
Reply to: