Re: SG_IO permissions

* Arne Wiebalck (arne.wiebalck@xxxxxxx) [20080702 20:40]:

> The user process in my case is forked by another process which
> runs as root. But since this process does not have CAP_SETPCAP
> it cannot set the child's capabilities (which is how I naively
> thought one could implement this).

There is no need.  Your problem is that setuid() clears the
permissible capability set.  This should do the trick:

	/* ...in child after fork()... */
	prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
	setuid(...);
	cap_set_proc(cap_from_text("cap_sys_rawio+ep"));

HTH,
Peter

-- 
    .+'''+.         .+'''+.         .+'''+.         .+'''+.         .+''
 Kelemen Péter     /       \       /       \     Peter.Kelemen@xxxxxxx
.+'         `+...+'         `+...+'         `+...+'         `+...+'
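
An added example, not part of the original message: the same keep-capabilities sequence as a self-contained C program that checks every return value, drops groups before the UID change, and verifies the result in a forked child. It uses the raw capget(2)/capset(2) syscalls in place of libcap's cap_set_proc(); the function names and the 65534 UID/GID are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#define BIT(cap) (1u << ((cap) % 32))

/* Is `cap` in the effective set? Uses raw capget(2), so no libcap is needed. */
static int has_effective(int cap) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2] = { {0} };
    return syscall(SYS_capget, &h, d) == 0 && (d[cap / 32].effective & BIT(cap));
}

/* Become uid/gid, keeping only CAP_SYS_RAWIO. Returns 0 on success, -1 on failure. */
static int drop_keep_rawio(uid_t uid, gid_t gid) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2] = { {0} };
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    /* Groups first: after setuid() we may no longer change them. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* setuid() cleared the effective set; the permitted set was kept.
       Shrink permitted to one capability and raise it in effective. */
    d[CAP_SYS_RAWIO / 32].permitted = BIT(CAP_SYS_RAWIO);
    d[CAP_SYS_RAWIO / 32].effective = BIT(CAP_SYS_RAWIO);
    if (syscall(SYS_capset, &h, d) != 0) return -1;
    return prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
}

/* Fork and drop in the child. 0 = dropped and verified, 1 = drop not
   performed (e.g. caller lacks the privilege), 2 = inconsistent state. */
int try_drop_in_child(uid_t uid, gid_t gid) {
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        if (drop_keep_rawio(uid, gid) != 0) _exit(1);
        _exit(getuid() == uid && geteuid() == uid && has_effective(CAP_SYS_RAWIO)
              && !has_effective(CAP_SYS_ADMIN) ? 0 : 2);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return 1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("result: %d\n", try_drop_in_child(65534, 65534)); /* 65534: assumed "nobody" */
    return 0;
}
```

The program prints 0 only when started with CAP_SETUID, CAP_SETGID and CAP_SYS_RAWIO available; run without them, the child reports 1 and the parent process is left unchanged.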