This repository has been archived by the owner on Oct 10, 2020. It is now read-only.

util: add list of capabilities #1130

Closed


giuseppe
Collaborator

The capsh approach doesn't work on RHEL, as the version of libcap is not
updated and doesn't know all the possible capabilities available on the
system. This is the output I get with getpcaps on RHELAH 7.4.2:

Capabilities for `1': = cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,35,36+ep

Fall back to the capsh method if there are more capabilities than we
know of, and hopefully libcap does.

Signed-off-by: Giuseppe Scrivano [email protected]
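
One way to implement the approach the description above outlines, as an added example that is not the PR's code: a static table names the numeric entries an old libcap leaves unnamed, and a fallback is used only when the kernel reports more capabilities than the table holds. The function names, the fallback callable and the shortened sample line are assumptions; the names for 35 and 36 come from linux/capability.h.

```python
import re

# Capability names indexed by number, as defined in linux/capability.h (0..37).
_NAMES = """chown dac_override dac_read_search fowner fsetid kill setgid
setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm
block_suspend audit_read""".split()
KNOWN_CAPS = ["cap_" + n for n in _NAMES]

def resolve_getpcaps(line):
    """Return capability names from a getpcaps line, naming numeric entries."""
    m = re.search(r"=\s*([\w,]+)\+\w+", line)
    if not m:
        return []
    names = []
    for tok in m.group(1).split(","):
        if tok.isdigit():  # libcap had no name for this capability number
            n = int(tok)
            tok = KNOWN_CAPS[n] if n < len(KNOWN_CAPS) else "cap_%d" % n
        names.append(tok)
    return names

def all_capabilities(last_cap, fallback):
    """Names for capabilities 0..last_cap; call `fallback` only past our table."""
    if last_cap < len(KNOWN_CAPS):
        return KNOWN_CAPS[:last_cap + 1]
    return fallback(last_cap)

def read_last_cap(path="/proc/sys/kernel/cap_last_cap"):
    """Highest capability number the running kernel supports."""
    with open(path) as f:
        return int(f.read())

# Constructed sample, shortened from the getpcaps output quoted in the PR.
SAMPLE = "Capabilities for `1': = cap_chown,cap_mac_admin,cap_syslog,35,36+ep"

if __name__ == "__main__":
    print(resolve_getpcaps(SAMPLE))
    # Hypothetical fallback: a real one would ask libcap (e.g. via capsh).
    print(all_capabilities(36, lambda n: ["cap_%d" % i for i in range(n + 1)])[-2:])
```

On a live host, pass `read_last_cap()` as `last_cap`; a kernel that reports a number above 37 takes the fallback path.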

@giuseppe giuseppe requested a review from rhatdan December 4, 2017 17:11
@rhatdan
Member

rhatdan commented Dec 5, 2017

LGTM

@rhatdan
Member

rhatdan commented Dec 5, 2017

@rh-atomic-bot r+

@rh-atomic-bot

📌 Commit f3e96e0 has been approved by rhatdan

@rh-atomic-bot

⌛ Testing commit f3e96e0 with merge b273208...

rh-atomic-bot pushed a commit that referenced this pull request Dec 5, 2017
Closes: #1130
Approved by: rhatdan
@rh-atomic-bot

💔 Test failed - status-papr

@giuseppe
Collaborator Author

giuseppe commented Dec 5, 2017

@rh-atomic-bot retry

@rh-atomic-bot

⌛ Testing commit f3e96e0 with merge 939c61c...

rh-atomic-bot pushed a commit that referenced this pull request Dec 5, 2017
Closes: #1130
Approved by: rhatdan
@rh-atomic-bot

💔 Test failed - status-papr

@rhatdan
Member

rhatdan commented Dec 5, 2017

@rh-atomic-bot retry

@rh-atomic-bot

⌛ Testing commit f3e96e0 with merge 50b0df1...

@rh-atomic-bot

☀️ Test successful - status-papr
Approved by: rhatdan
Pushing 50b0df1 to master...

eyusupov pushed a commit to eyusupov/atomic that referenced this pull request Mar 10, 2018
Closes: projectatomic#1130
Approved by: rhatdan