Re: must be root to ping?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 14-07-2012 19:02, Mantas Mikulėnas wrote:
> On Sat, Jul 14, 2012 at 7:35 PM, Mauro Santos
> <registo.mailling@xxxxxxxxx> wrote:
>> I'm not sure if mounting with nouser_xattr might have some influence.
> 
> Unlikely. As you noted below, the capabilities are stored in
> security.* namespace, while `user_xattr` only affects the user.*
> namespace.
> 
>> One funny thing is that 'man capabilities' says:
>> "The file capability  sets  are  stored  in  an extended attribute (see
>> setxattr(2)) named security.capability."
>>
>> 'attr -l /usr/bin/ping' lists 'capability' as an attribute, however
>> neither 'attr -g capability /usr/bin/ping' or 'attr -g
>> security.capability /usr/bin/ping' can get the stored value. 'getcap
>> /usr/bin/ping' does return the correct value.
> 
> The `attr` tool, coming from XFS, deals /only/ with attributes in the
> user.* namespace. `attr -g security.capability` will try to show you
> "user.security.capability".
> 
> Use `getfattr` for the rest:
> 
> $ getfattr -d -m "-" ping
> # file: ping
> security.capability=0sAQAAAgAgAAAAAAAAAAAAAAAAAAA=
> 
> See attr(5) for xattr namespaces.
> 

Mystery solved :) I missed the pattern option for getfattr, so the "I'm
missing something" applies, as is usually the case.

-- 
Mauro Santos




[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux