Bug#274880: kernel-image-2.6.8-1-k7: CAPABILITIES module needs to be compiled in-kernel for getcap and setcap to work

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#274880: kernel-image-2.6.8-1-k7: CAPABILITIES module needs to be compiled in-kernel for getcap and setcap to work
From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
Date: Mon, 04 Oct 2004 15:59:52 +0100
Message-id: <[🔎] E1CEUJc-0005ae-4n@lkcl.net>
Reply-to: Luke Kenneth Casson Leighton <lkcl@lkcl.net>, 274880@bugs.debian.org

Package: kernel-image-2.6.8-1-k7
Severity: wishlist


Jens Axboe wrote:
> On Mon, Oct 04 2004, Luke Kenneth Casson Leighton wrote:
> 
>>found it.
>>
>>it's a new piece of kernel code verify_command in
>>drivers/block/scsi_ioctl.c, which checks for the capability
>>CAP_SYS_RAWIO.
>>
>>ah, dammit.
>>
>>for k3b to work, you'd have to install it setuid root, call
>>getcap(), remove all but the necessary capabilities (i.e. don't
>>remove CAP_SYS_RAWIO), do a setfsuid() and setfsgid() and do
>>a setcap().
> 
> 
> it works in 2.6.9-rcX.
> 

I don't know for sure if this is related or not, but it sure sounds like 
it. I have noticed the following in at least the last few versions (I 
believe 2.6.9-rc2 also): Even though CONFIG_SECURITY_CAPABILITIES can be 
configured as a module, if I don't compile it into the kernel getcap and 
setcap fail.

kr

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux highfield 2.6.7-selinux1 #15 Wed Sep 29 14:04:23 BST 2004 i686
Locale: LANG=C, LC_CTYPE=C

Reply to:

Prev by Date: Bug#274860: Acknowledgement (kernel-image-2.6.8-1-686: CDROM_SEND_PACKET ioctls only work as root)
Next by Date: Fwd: posixtestsuite_1.4.3-1_i386.changes ACCEPTED
Previous by thread: Bug#274860: Acknowledgement (kernel-image-2.6.8-1-686: CDROM_SEND_PACKET ioctls only work as root)
Next by thread: Fwd: posixtestsuite_1.4.3-1_i386.changes ACCEPTED
Index(es):
- Date
- Thread