Message-ID: <20061114052531.GA20915@sergelap.austin.ibm.com>
Date: Mon, 13 Nov 2006 23:25:31 -0600
From: "Serge E. Hallyn" <serue@...ibm.com>
To: "Bill O'Donnell" <billodo@....com>
Cc: Chris Friedhoff <chris@...edhoff.org>,
"Serge E. Hallyn" <serue@...ibm.com>, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
Stephen Smalley <sds@...ho.nsa.gov>,
James Morris <jmorris@...ei.org>,
Chris Wright <chrisw@...s-sol.org>,
Andrew Morton <akpm@...l.org>,
KaiGai Kohei <kaigai@...gai.gr.jp>,
Alexey Dobriyan <adobriyan@...il.com>
Subject: Re: [PATCH 1/1] security: introduce fs caps
Quoting Bill O'Donnell (billodo@....com):
> On Thu, Nov 09, 2006 at 10:33:49AM +0100, Chris Friedhoff wrote:
> | Page http://www.friedhoff.org/fscaps.html updated ...
> | Kernel 2.6.18.2 updated ...
> | System keeps on humming ...
> | Is anyone else using/testing the patch? Please give feedback ...
>
> Most likely a cockpit error, but I'm having trouble when I give the
> capability to ping (using the userexample from your fscaps page):
>
> $ uname -a
> Linux certify 2.6.19-rc3 #3 SMP PREEMPT Mon Nov 13 14:40:54 CST 2006 ia64
>
> $ sudo chmod 711 /bin/ping
> $ ping -c 1 localhost
> ping: icmp open socket: Operation not permitted
>
> $ sudo setfcaps cap_net_raw=ep /bin/ping
> /bin/ping: Function not implemented (errno=38)
>
> Any help is appreciated.

Hmm, two things which come to mind are (a) do you have extended
attributes compiled into your kernel and (b) is sudo properly set
up.

But for (a) to be the case, you should be getting EOPNOTSUPP (98),
not ENOSYS (38).

Could you send me a copy of your .config, tell me which filesystem
you are using, and send the /tmp/straceout after doing

    strace -o/tmp/straceout -f setfcaps cap_net_raw=ep /bin/ping

as root?

thanks,
-serge