I intend to grant a userland process - running non-root - certain permissions: accessing the RTC, sched_setscheduler(SCHED_FIFO..) and others.

The procedure of process creation, in a test application, is:

- root starts the parent process, with a parameter defining the login it should run under
- the process fork()s a child
- child does setuid() and setgid(), then waits
- parent _TRIES_ to capsetp( childpid, ... ), this fails
- parent is confused, and does capget(). For its effective caps, it gets 0xfffffeff - all bits set, !!! EXCEPT CAP_SETPCAP !!!

The kernel code in 2.4.21/kernel/capability.c breaks at line 149:

    if (pid && !capable(CAP_SETPCAP))
        return -EPERM;

As we know, capable() extends to current->cap_effective & (1<<CAP_SETPCAP).

That's the point, root bites his ass ;-)

I didn't recurse through those tons of code, googling for macros like CAP_INIT_EFF_SET or CAP_FULL_SET, hoping one of you knows about the trick: how, without hacking the kernel code, do I get my root process CAP_SETPCAP'able?

TIA
Michael

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
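The check quoted in the post above, as an added example that is not part of the original message or of the kernel source: it decodes the reported mask 0xfffffeff, applies the same CAP_SETPCAP test to it, and reads the calling process's own effective set with capget(2). The function and struct names are hypothetical, the capability numbers are those of <linux/capability.h>, and pid 1234 is a constructed sample.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Values and layouts as in <linux/capability.h>, repeated so no kernel headers are needed. */
enum { CAP_SETPCAP_BIT = 8, CAP_SYS_NICE_BIT = 23 };
struct cap_hdr  { uint32_t version; int pid; };
struct cap_data { uint32_t effective, permitted, inheritable; };
int cap_in_mask(uint32_t mask, int cap) { return (mask >> cap) & 1u; }

/* Same test as the kernel line quoted in the post: changing another pid's
 * capabilities requires CAP_SETPCAP in the caller's effective set. */
int setpcap_precheck(int target_pid, uint32_t caller_effective)
{
    if (target_pid && !cap_in_mask(caller_effective, CAP_SETPCAP_BIT))
        return -EPERM;
    return 0;
}

/* Store the bit numbers that are cleared in mask; return how many there are. */
int missing_caps(uint32_t mask, int out[32])
{
    int n = 0;
    for (int cap = 0; cap < 32; cap++)
        if (!cap_in_mask(mask, cap))
            out[n++] = cap;
    return n;
}

/* Low 32 bits of the calling process's effective set, via raw capget(2). */
int read_own_effective(uint32_t *effective)
{
    struct cap_hdr hdr = { 0x20080522u /* _LINUX_CAPABILITY_VERSION_3 */, 0 };
    struct cap_data data[2] = { {0, 0, 0}, {0, 0, 0} };
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -errno;
    *effective = data[0].effective;
    return 0;
}

int main(void)
{
    uint32_t eff;
    int miss[32], n = missing_caps(0xfffffeffu, miss); /* mask from the post */
    printf("mask from the post lacks %d capability, bit %d\n", n, miss[0]);
    if (read_own_effective(&eff) == 0)
        printf("own effective=0x%08x, precheck for pid 1234: %d\n",
               (unsigned)eff, setpcap_precheck(1234, eff));
    return 0;
}
```

Run as root and as an ordinary user to compare the two effective sets; a result of -1 from the precheck is -EPERM.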