how to install and setup cap from p4?

[Ilmar S. Habibulin]

On Tue, 8 Jan 2002, Brian F. Feldman wrote:

> There are two problems which you will have to solve to get this working
> (both easy, of course).  First, you must have extended attributes on your
> filesystems set up for system/posix1e.cap; you can see how to do this from
> the documentation in src/sys/ufs.  Turning on extattr autostarting for UFS
> is also a very good plan here :)
They are turned on, i have ACL too. And i've even made the backing storage
for capabilities. But i can't use it with standard kernel - i need kernel
with capabilities. And it doesn't boot to multiuser. It stops at
singleuser with root mounted readonly. And i'm unable to do any
privileged operation. sysctl, mount - everything is not permitted.

> Second, after you have a system with posix1e.cap extended attributes set up,
> install world again to get install(1) to set persistent capability flags on
> any pertinent files.  After the files have these attributes (i.e., "getfcap
> -m /bin/true" should give you "all=ei:CAP_SETPCAP="), your system should
> have inheritence permitted for the system binaries, and you should be able
> to use the base system with capabilities.
I know that. I've tested Thomas' patches somehow.

> I hope this helps!
Now i've reinstalled the fresh fbsd snap and i'll try to install
capability enabled kernel again from the latest sources. maybe it was some
mid-commit situation.
If i fail i'll be back ;-)



To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message