|
|
Log in / Subscribe / Register

A crop of new capabilities

A crop of new capabilities

Posted Jun 11, 2020 2:55 UTC (Thu) by hendry (guest, #50859)
Parent article: A crop of new capabilities

I don't quite understand how binaries are distributed by Linux distributions with these capabilities.

Are any distros leveraging this?

to post comments

A crop of new capabilities

Posted Jun 11, 2020 7:09 UTC (Thu) by zdzichu (subscriber, #17118) [Link]

For example, RPM packages define metadata about files shipped in the package. Owner, permission, ACL, xattrs, capabilities etc. When package is installed, all those attributes are set to match.
This look like following in RPM .spec file:

%attr(0755,root,root) %caps(cap_net_raw=p) %{_bindir}/arping

This way “arping” command can be run without special privileges. Some more information: https://fedoraproject.org/wiki/Features/RemoveSETUID


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds