On Mon, Mar 09, 2015 at 07:05:24AM -0500, Christoph Lameter wrote: > On Sat, 7 Mar 2015, Serge E. Hallyn wrote: > > > > The ancestor here is ambient_test and when it is run pI will not be set > > > despite the cap setting. > > > > ambient_test is supposed to set it. > > I thought the setcap +i would do it. > > So the setcap and setting of the file inheritance bits has no effect on > pI? When the process starts pI is off despite fI being set? Correct, pI must be set through capset(). Again, x in fI is saying that the certain trusted users may have x in pP when they run the binary; x in pi means that the users may have x in pP when they run certain files. Other users running the file won't have x in pP, and the special user running other files won't have x in pP. -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
