[arch-general] must be root to ping?

Mantas Mikulėnas grawity at gmail.com
Sat Jul 14 14:02:10 EDT 2012


On Sat, Jul 14, 2012 at 7:35 PM, Mauro Santos
<registo.mailling at gmail.com> wrote:
> I'm not sure if mounting with nouser_xattr might have some influence.

Unlikely. As you noted below, the capabilities are stored in the
security.* namespace, while `user_xattr` only affects the user.*
namespace.

> One funny thing is that 'man capabilities' says:
> "The file capability sets are stored in an extended attribute (see
> setxattr(2)) named security.capability."
>
> 'attr -l /usr/bin/ping' lists 'capability' as an attribute, however
> neither 'attr -g capability /usr/bin/ping' nor 'attr -g
> security.capability /usr/bin/ping' can get the stored value. 'getcap
> /usr/bin/ping' does return the correct value.

The `attr` tool, coming from XFS, deals /only/ with attributes in the
user.* namespace. `attr -g security.capability` will try to show you
"user.security.capability".

Use `getfattr` for the rest:

$ getfattr -d -m "-" ping
# file: ping
security.capability=0sAQAAAgAgAAAAAAAAAAAAAAAAAAA=

See attr(5) for xattr namespaces.

-- 
Mantas Mikulėnas
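
The security.capability value that getfattr printed above can be decoded by hand. The following is an added example, not part of the original message; it assumes the little-endian struct vfs_cap_data layout and constants from linux/capability.h, and the function names are illustrative.

```python
import base64
import struct

# Constants and layout assumed from linux/capability.h (struct vfs_cap_data).
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
REV1, REV2, REV3 = 0x01000000, 0x02000000, 0x03000000

CAP_NAMES = ("chown dac_override dac_read_search fowner fsetid kill setgid "
             "setuid setpcap linux_immutable net_bind_service net_broadcast "
             "net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio "
             "sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice "
             "sys_resource sys_time sys_tty_config mknod lease audit_write "
             "audit_control setfcap mac_override mac_admin syslog wake_alarm "
             "block_suspend audit_read perfmon bpf checkpoint_restore").split()

def decode_getfattr_value(text):
    """Turn a getfattr value ("0s" = base64, "0x" = hex) into raw bytes."""
    if text.startswith("0s"):
        return base64.b64decode(text[2:], validate=True)
    if text.startswith("0x"):
        return bytes.fromhex(text[2:])
    raise ValueError("expected a 0s (base64) or 0x (hex) encoded value")

def cap_names(mask):
    """List the names of the bits set in a 64-bit capability mask."""
    return ["cap_" + CAP_NAMES[i] if i < len(CAP_NAMES) else f"cap_{i}"
            for i in range(64) if mask >> i & 1]

def parse_file_caps(raw):
    """Parse a security.capability xattr; all fields are little-endian u32."""
    magic = int.from_bytes(raw[:4], "little")
    rev = magic & VFS_CAP_REVISION_MASK
    words = {REV1: 1, REV2: 2, REV3: 2}.get(rev)  # 32-bit words per set
    if words is None:
        raise ValueError(f"unknown revision {rev:#010x}")
    if len(raw) != 4 + 8 * words + (4 if rev == REV3 else 0):
        raise ValueError("length does not match revision")
    permitted = inheritable = 0
    for i in range(words):  # each entry is a (permitted, inheritable) pair
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"revision": rev >> 24, "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": cap_names(permitted), "inheritable": cap_names(inheritable),
            "rootid": int.from_bytes(raw[20:24], "little") if rev == REV3 else None}

# Value taken from the getfattr output in the message above.
print(parse_file_caps(decode_getfattr_value("0sAQAAAgAgAAAAAAAAAAAAAAAAAAA=")))
```

For the value in the message this yields revision 2 with cap_net_raw in the permitted set and the effective flag set.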