On 14-07-2012 19:02, Mantas Mikulėnas wrote:
On Sat, Jul 14, 2012 at 7:35 PM, Mauro Santos <registo.mailling@gmail.com> wrote:
I'm not sure if mounting with nouser_xattr might have some influence.
Unlikely. As you noted below, the capabilities are stored in security.* namespace, while `user_xattr` only affects the user.* namespace.
One funny thing is that 'man capabilities' says: "The file capability sets are stored in an extended attribute (see setxattr(2)) named security.capability."
'attr -l /usr/bin/ping' lists 'capability' as an attribute, however neither 'attr -g capability /usr/bin/ping' nor 'attr -g security.capability /usr/bin/ping' can get the stored value. 'getcap /usr/bin/ping' does return the correct value.
The `attr` tool, coming from XFS, deals /only/ with attributes in the user.* namespace. `attr -g security.capability` will try to show you "user.security.capability".
Use `getfattr` for the rest:
    $ getfattr -d -m "-" ping
    # file: ping
    security.capability=0sAQAAAgAgAAAAAAAAAAAAAAAAAAA=
See attr(5) for xattr namespaces.
Mystery solved :) I missed the pattern option for getfattr, so the "I'm missing something" applies, as is usually the case.

--
Mauro Santos
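As an added example (not part of the original thread): the value getfattr printed above can be decoded by hand. The `0s` prefix marks base64, and the bytes are the kernel's little-endian `vfs_cap_data` structure from linux/capability.h; the function names below are the example's own.

```python
import base64
import struct

# Capability names by bit number, as in linux/capability.h (CAP_ prefix dropped).
CAP_NAMES = ("chown dac_override dac_read_search fowner fsetid kill setgid setuid "
             "setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw "
             "ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct "
             "sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod "
             "lease audit_write audit_control setfcap mac_override mac_admin syslog "
             "wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore").split()
SIZES = {1: 12, 2: 20, 3: 24}  # revision -> size in bytes of the on-disk structure
SAMPLE = "0sAQAAAgAgAAAAAAAAAAAAAAAAAAA="  # the value getfattr printed in the thread


def decode_getfattr_value(text):
    """Turn a getfattr-encoded value (0s = base64, 0x = hex) into raw bytes."""
    if text.startswith("0s"):
        return base64.b64decode(text[2:], validate=True)
    if text.lower().startswith("0x"):
        return bytes.fromhex(text[2:])
    raise ValueError("expected a 0s (base64) or 0x (hex) value")


def cap_names(mask):
    return [CAP_NAMES[i] if i < len(CAP_NAMES) else f"cap_{i}"
            for i in range(64) if mask >> i & 1]


def parse_security_capability(raw):
    """Parse the little-endian vfs_cap_data / vfs_ns_cap_data structure."""
    if len(raw) < 4:
        raise ValueError("value too short for a magic_etc field")
    magic_etc = struct.unpack_from("<I", raw)[0]
    revision = magic_etc >> 24
    if SIZES.get(revision) != len(raw):
        raise ValueError(f"unknown revision {revision} or wrong length {len(raw)}")
    # Revision 1 holds one (permitted, inheritable) pair of 32-bit words, 2 and 3 hold two.
    words = struct.unpack_from("<2I" if revision == 1 else "<4I", raw, 4)
    permitted = sum(w << 32 * i for i, w in enumerate(words[0::2]))
    inheritable = sum(w << 32 * i for i, w in enumerate(words[1::2]))
    info = {"revision": revision, "effective": bool(magic_etc & 1),
            "permitted": cap_names(permitted), "inheritable": cap_names(inheritable)}
    if revision == 3:  # namespaced file capabilities append the root user ID
        info["rootid"] = struct.unpack_from("<I", raw, 20)[0]
    return info


if __name__ == "__main__":
    print(parse_security_capability(decode_getfattr_value(SAMPLE)))
```

For the value in the thread this reports a revision 2 structure with the effective flag set and only `net_raw` (CAP_NET_RAW) in the permitted set.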