[arch-general] must be root to ping?

Mantas Mikulėnas grawity at gmail.com
Sat Jul 14 14:02:10 EDT 2012

On Sat, Jul 14, 2012 at 7:35 PM, Mauro Santos
<registo.mailling at gmail.com> wrote:
> I'm not sure if mounting with nouser_xattr might have some influence.

Unlikely. As you noted below, the capabilities are stored in
security.* namespace, while `user_xattr` only affects the user.*

> One funny thing is that 'man capabilities' says:
> "The file capability  sets  are  stored  in  an extended attribute (see
> setxattr(2)) named security.capability."
> 'attr -l /usr/bin/ping' lists 'capability' as an attribute, however
> neither 'attr -g capability /usr/bin/ping' or 'attr -g
> security.capability /usr/bin/ping' can get the stored value. 'getcap
> /usr/bin/ping' does return the correct value.

The `attr` tool, coming from XFS, deals /only/ with attributes in the
user.* namespace. `attr -g security.capability` will try to show you

Use `getfattr` for the rest:

$ getfattr -d -m "-" ping
# file: ping

See attr(5) for xattr namespaces.

Mantas Mikulėnas

More information about the arch-general mailing list