> Seriously... What capabilities does mount need in order to function?

I can help out with this one.

> CAP_SYS_ADMIN
> * Perform a range of system administration operations including: quotactl(2),
>   mount(2), umount(2), swapon(2), swapoff(2), sethostname(2), and
>   setdomainname(2);
> * perform privileged syslog(2) operations (since Linux 2.6.37, CAP_SYSLOG should
>   be used to permit such operations);
> * perform IPC_SET and IPC_RMID operations on arbitrary System V IPC objects;
> * perform operations on trusted and security Extended Attributes (see attr(5));
> * use lookup_dcookie(2);
> * use ioprio_set(2) to assign IOPRIO_CLASS_RT and (before Linux 2.6.25)
>   IOPRIO_CLASS_IDLE I/O scheduling classes;
> * forge UID when passing socket credentials;
> * exceed /proc/sys/fs/file-max, the system-wide limit on the number of open
>   files, in system calls that open files (e.g., accept(2), execve(2), open(2),
>   pipe(2));
> * employ CLONE_NEWNS flag with clone(2) and unshare(2);
> * call setns(2);
> * perform KEYCTL_CHOWN and KEYCTL_SETPERM keyctl(2) operations;
> * perform madvise(2) MADV_HWPOISON operation.

From CAPABILITIES(7) in the Linux Programmer's Manual.