port to POSIX capabilities API via libcap

Bug #1087134 reported by Mike Miller on 2012-12-06

Bug Description

Procenv currently uses prctl to get Linux process capabilities. This limits use to Linux >= 2.6.25. The effect is no capabilities information on RHEL5, for example.

A more compatible / well-defined / backport-friendly alternative would be to use the POSIX capabilities API through the libcap or libcap-ng libraries. I can hack on this when I get a free moment, but let me know if you'd object to such a change.

James Hunt (jamesodhunt) wrote :

Hi Mike,

Thanks for the offer! I don't have any objections as long as it doesn't stop it working on the platforms it's already running on :-)

Changed in procenv:
status: New → Confirmed
Mike Miller (mtmiller) wrote :

Cool, I'll look into it. It's not a high priority for me, but I notice right away that the capabilities section is completely blank for RHEL5.

Mike Miller (mtmiller) wrote :

So I looked again at the way capabilities are queried in procenv and did some re-reading of capabilities(7). I wonder now what you intend to show in this function.

Do you want to show capabilities that the process actually has enabled or capabilities that it has in its bounding set that it could potentially enable in itself or a child process? When I run procenv in my terminal I know I do not have any capabilities enabled, but it shows all capabilities as "yes" because they are not masked out of my bounding set.

I originally reported this assuming the former, but procenv currently reports the latter.
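
The distinction raised in the comment above, as an added example that is not part of the original thread and is not procenv's code: it reads the bounding set with `prctl(PR_CAPBSET_READ)` and the permitted and effective sets with the raw `capget(2)` syscall, then counts the capabilities a bounding-set-only report would show as "yes" although they are not enabled. The function names are hypothetical, and the raw syscall is used instead of libcap so the file builds without extra libraries.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

enum cap_set { SET_EFFECTIVE, SET_PERMITTED };

/* 1 = in bounding set, 0 = dropped, -1 = unknown capability or a kernel
 * without PR_CAPBSET_READ (Linux < 2.6.25, the limit named in the report). */
int cap_in_bounding(int cap)
{
    return prctl(PR_CAPBSET_READ, (unsigned long)cap, 0UL, 0UL, 0UL);
}

/* 1/0 = membership in the chosen set of the calling process, -1 = error. */
int cap_in_set(int cap, enum cap_set which)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3] = { { 0 } };
    unsigned int word;
    if (cap < 0 || cap >= 32 * _LINUX_CAPABILITY_U32S_3) return -1;
    /* capget(2) is the call underneath libcap's cap_get_proc(); pid 0 = self */
    if (syscall(SYS_capget, &hdr, data) != 0) return -1;
    word = which == SET_EFFECTIVE ? data[cap / 32].effective
                                  : data[cap / 32].permitted;
    return (int)((word >> (cap % 32)) & 1u);
}

/* Capabilities that a bounding-set-only report shows as "yes" although
 * they are not in the effective set of this process. */
int count_bounding_not_effective(void)
{
    int cap, n = 0;
    for (cap = 0; cap_in_bounding(cap) >= 0; cap++)
        n += (cap_in_bounding(cap) == 1 && cap_in_set(cap, SET_EFFECTIVE) == 0);
    return n;
}

int main(void)
{
    int cap;
    puts("cap  bounding  permitted  effective");
    for (cap = 0; cap_in_bounding(cap) >= 0; cap++)
        printf("%3d  %8d  %9d  %9d\n", cap, cap_in_bounding(cap),
               cap_in_set(cap, SET_PERMITTED), cap_in_set(cap, SET_EFFECTIVE));
    printf("bounding but not effective: %d\n", count_bounding_not_effective());
    return 0;
}
```

Run from an ordinary unprivileged shell, the bounding column is typically all 1 while the effective column is all 0, which is the mismatch described in the comment.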

James Hunt (jamesodhunt) wrote :

Hi Mike - I've now added POSIX capabilities to procenv v0.33.

Changed in procenv:
status: Confirmed → Fix Released
assignee: nobody → James Hunt (jamesodhunt)