Any debugfs command to set file capability?

Help
D S
2014-03-06
2014-03-12
  • D S

    D S - 2014-03-06

    I need an executable inside an ext2 loop filesystem to have the CAP_NET_ADMIN (cap_net_admin) file capability set.

    If it is possible with debugfs, what exactly would be the commands I would type in?

    If not possible with debugfs, is there another tool or way to do this?

    This would be equivalent to the libcap command:
    setcap cap_net_admin+ep {executable}

     
    Last edit: D S 2014-03-06
  • D S

    D S - 2014-03-12

    Found patches that may go into the next version of debugfs, which work great!
    Especially the ability to dump out to an outfile (ea_get {file} security.capability -f {outfile}) the known security.capability values of a preset file.
    Then you use ea_set (ea_set {file} security.capability -f {infile}) to set any other files to the preset capability.
    I think you also need to set before you start if it is not there:
    feature ext_attr

    Patches will require your hands to get dirty, but it starts from:
    http://lists.openwall.net/linux-ext4/2014/03/02/1

     
    Last edit: D S 2014-03-12
  • Theodore Ts'o

    Theodore Ts'o - 2014-03-12

    Newer versions of these patches have been applied to the git tree, on the "next" branch. Note that this is bleeding-edge development code, so please take care (and thanks in advance if you find any bugs, and apologies in advance if it causes any damage to your production systems. :-)
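
An added example, not part of the original thread or of e2fsprogs: the value that ea_get dumps and ea_set loads for security.capability is the kernel's little-endian vfs_cap_data structure, so it can be built directly or decoded for review before it is copied onto other files. The sketch below handles revision 2 only; the output file name and the small capability table are assumptions made for illustration.

```python
import struct

# Constants from the Linux UAPI header linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_REVISION_2 = 0x02000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# Subset of capability bit numbers, enough for this illustration
CAP_NAMES = {"cap_net_bind_service": 10, "cap_net_admin": 12,
             "cap_net_raw": 13, "cap_sys_admin": 21}


def encode_caps(permitted, inheritable=(), effective=False):
    """Build a revision-2 security.capability value (20 bytes)."""
    def mask(names):
        m = 0
        for n in names:
            m |= 1 << CAP_NAMES[n]
        return m
    p, i = mask(permitted), mask(inheritable)
    magic = VFS_CAP_REVISION_2 | (VFS_CAP_FLAGS_EFFECTIVE if effective else 0)
    # Layout: magic_etc, then {permitted, inheritable} for bits 0-31 and 32-63
    return struct.pack("<5I", magic, p & 0xFFFFFFFF, i & 0xFFFFFFFF,
                       p >> 32, i >> 32)


def decode_caps(blob):
    """Decode a dumped value so it can be reviewed before reuse."""
    if len(blob) != 20:
        raise ValueError("expected a 20-byte revision-2 value")
    magic, p_lo, i_lo, p_hi, i_hi = struct.unpack("<5I", blob)
    if (magic & VFS_CAP_REVISION_MASK) != VFS_CAP_REVISION_2:
        raise ValueError("unsupported capability revision")
    by_bit = {bit: name for name, bit in CAP_NAMES.items()}

    def names(m):
        # Bits missing from the table are reported by number
        return sorted(by_bit.get(b, f"cap_{b}") for b in range(64) if (m >> b) & 1)
    return {"permitted": names(p_lo | (p_hi << 32)),
            "inheritable": names(i_lo | (i_hi << 32)),
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE)}


if __name__ == "__main__":
    blob = encode_caps(["cap_net_admin"], effective=True)  # cap_net_admin+ep
    with open("cap_net_admin.bin", "wb") as fh:  # hypothetical name for ea_set -f
        fh.write(blob)
    print(blob.hex(), decode_caps(blob))
```

Running decode_caps on a file produced by ea_get shows exactly which capabilities a preset grants, which is worth checking before the same value is applied to other executables in the image.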

     
