[arch-general] must be root to ping?

Mauro Santos registo.mailling at gmail.com
Sat Jul 14 16:38:48 EDT 2012


On 14-07-2012 19:02, Mantas Mikulėnas wrote:
> On Sat, Jul 14, 2012 at 7:35 PM, Mauro Santos
> <registo.mailling at gmail.com> wrote:
>> I'm not sure if mounting with nouser_xattr might have some influence.
> 
> Unlikely. As you noted below, the capabilities are stored in
> security.* namespace, while `user_xattr` only affects the user.*
> namespace.
> 
>> One funny thing is that 'man capabilities' says:
>> "The file capability sets are stored in an extended attribute (see
>> setxattr(2)) named security.capability."
>>
>> 'attr -l /usr/bin/ping' lists 'capability' as an attribute, however
>> neither 'attr -g capability /usr/bin/ping' nor 'attr -g
>> security.capability /usr/bin/ping' can get the stored value. 'getcap
>> /usr/bin/ping' does return the correct value.
> 
> The `attr` tool, coming from XFS, deals /only/ with attributes in the
> user.* namespace. `attr -g security.capability` will try to show you
> "user.security.capability".
> 
> Use `getfattr` for the rest:
> 
> $ getfattr -d -m "-" ping
> # file: ping
> security.capability=0sAQAAAgAgAAAAAAAAAAAAAAAAAAA=
> 
> See attr(5) for xattr namespaces.
> 

Mystery solved :) I missed the pattern option for getfattr, so the "I'm
missing something" applies, as is usually the case.

-- 
Mauro Santos
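
Added example, not part of the original thread: a small Python decoder for the security.capability value that getfattr printed above, showing which capabilities the blob grants. The layout and constants are taken from linux/capability.h; the function names and the abbreviated capability name table are choices made for this example.

```python
import base64
import struct

# Constants from linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision magic -> (revision number, count of 32-bit permitted/inheritable pairs)
REVISIONS = {0x01000000: (1, 1), 0x02000000: (2, 2), 0x03000000: (3, 2)}
# Subset of capability numbers; anything else is shown as cap_<n>
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 7: "cap_setuid",
             10: "cap_net_bind_service", 12: "cap_net_admin",
             13: "cap_net_raw", 21: "cap_sys_admin"}

# Value copied from the getfattr output quoted in the thread
PING_XATTR = "0sAQAAAgAgAAAAAAAAAAAAAAAAAAA="

def decode_getfattr_value(text):
    """getfattr prints binary values as 0s<base64> or 0x<hex>."""
    if text.startswith("0s"):
        return base64.b64decode(text[2:], validate=True)
    if text.lower().startswith("0x"):
        return bytes.fromhex(text[2:])
    raise ValueError("expected a 0s (base64) or 0x (hex) value")

def cap_names(mask):
    return [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if mask >> b & 1]

def parse_security_capability(raw):
    """Parse struct vfs_cap_data (little-endian on disk)."""
    if len(raw) < 4:
        raise ValueError("too short for magic_etc")
    (magic,) = struct.unpack_from("<I", raw, 0)
    if magic & VFS_CAP_REVISION_MASK not in REVISIONS:
        raise ValueError(f"unknown revision in magic {magic:#010x}")
    revision, pairs = REVISIONS[magic & VFS_CAP_REVISION_MASK]
    expected = 4 + 8 * pairs + (4 if revision == 3 else 0)  # v3 appends rootid
    if len(raw) != expected:
        raise ValueError(f"v{revision} blob must be {expected} bytes, got {len(raw)}")
    permitted = inheritable = 0
    for i in range(pairs):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"revision": revision,
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": cap_names(permitted),
            "inheritable": cap_names(inheritable)}

if __name__ == "__main__":
    print(parse_security_capability(decode_getfattr_value(PING_XATTR)))
```

For the value in this thread the result is revision 2 with the effective flag set and cap_net_raw in the permitted set, which is what getcap reports as cap_net_raw+ep.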
