how to install and setup cap from p4?

[Brian F. Feldman]

"Ilmar S. Habibulin" <ilmar at watson.org> wrote:
> 
> Well, i tried "make world kernel KERNCONF=MYKERNEL" with "options
> CAPABILITIES" and got unbootable to multiuser system. I can't even mount
> filesystems - access is denied(operation not permitted).
> I'll try to figure it out, but maybe there is some guide?

There are two problems which you will have to solve to get this working 
(both easy, of course).  First, you must have extended attributes on your 
filesystems set up for system/posix1e.cap; you can see how to do this from 
the documentation in src/sys/ufs.  Turning on extattr autostarting for UFS 
is also a very good plan here :)

Second, after you have a system with posix1e.cap extended attributes set up, 
install world again to get install(1) to set persistent capability flags on 
any pertinent files.  After the files have these attributes (i.e., "getfcap 
-m /bin/true" should give you "all=ei:CAP_SETPCAP="), your system should 
have inheritence permitted for the system binaries, and you should be able 
to use the base system with capabilities.

I hope this helps!

-- 
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green at FreeBSD.org                    `------------------------------'



To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message