On 14-07-2012 19:02, Mantas Mikulėnas wrote: > On Sat, Jul 14, 2012 at 7:35 PM, Mauro Santos > <registo.mailling@xxxxxxxxx> wrote: >> I'm not sure if mounting with nouser_xattr might have some influence. > > Unlikely. As you noted below, the capabilities are stored in > security.* namespace, while `user_xattr` only affects the user.* > namespace. > >> One funny thing is that 'man capabilities' says: >> "The file capability sets are stored in an extended attribute (see >> setxattr(2)) named security.capability." >> >> 'attr -l /usr/bin/ping' lists 'capability' as an attribute, however >> neither 'attr -g capability /usr/bin/ping' or 'attr -g >> security.capability /usr/bin/ping' can get the stored value. 'getcap >> /usr/bin/ping' does return the correct value. > > The `attr` tool, coming from XFS, deals /only/ with attributes in the > user.* namespace. `attr -g security.capability` will try to show you > "user.security.capability". > > Use `getfattr` for the rest: > > $ getfattr -d -m "-" ping > # file: ping > security.capability=0sAQAAAgAgAAAAAAAAAAAAAAAAAAA= > > See attr(5) for xattr namespaces. > Mystery solved :) I missed the pattern option for getfattr, so the "I'm missing something" applies, as is usually the case. -- Mauro Santos
