how to install and setup cap from p4?
Brian F. Feldman
green at FreeBSD.org
Wed Jan 9 18:21:25 GMT 2002
"Brian F. Feldman" <green at FreeBSD.org> wrote:
> "Ilmar S. Habibulin" <ilmar at watson.org> wrote:
> >
> > Well, I tried "make world kernel KERNCONF=MYKERNEL" with "options
> > CAPABILITIES" and got unbootable to multiuser system. I can't even mount
> > filesystems - access is denied (operation not permitted).
> > I'll try to figure it out, but maybe there is some guide?
>
> There are two problems which you will have to solve to get this working
> (both easy, of course). First, you must have extended attributes on your
> filesystems set up for system/posix1e.cap; you can see how to do this from
> the documentation in src/sys/ufs. Turning on extattr autostarting for UFS
> is also a very good plan here :)
>
> Second, after you have a system with posix1e.cap extended attributes set up,
> install world again to get install(1) to set persistent capability flags on
> any pertinent files. After the files have these attributes (i.e., "getfcap
> -m /bin/true" should give you "all=ei:CAP_SETPCAP="), your system should
> have inheritance permitted for the system binaries, and you should be able
> to use the base system with capabilities.
>
> I hope this helps!

These are the exact steps I followed in setting up my system, at least, with
the exception of really one thing: I set
kern.security.bsd.suser_compat_hack_enabled=1 in my /boot/loader.conf.
Other than this, I don't know what the problem could be (except that somehow
the binaries might not have the proper capabilities set on them....)
I went from a -CURRENT system and upgraded to a TrustedBSD-CAP system, so I
know for certain I made the upgrade path work...
--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
green at FreeBSD.org `------------------------------'
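
The `getfcap -m /bin/true` check from the quoted reply, extended to a list of binaries so that files missing the capability state can be found. This is an added example, not part of the original message or the TrustedBSD sources. It assumes that `getfcap -m FILE` prints only the capability state, as in the /bin/true example, and that the same state is expected on every file checked; `audit_fcap`, `GETFCAP` and `EXPECTED_FCAP` are names made up for the example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: "getfcap -m FILE" prints only the capability state, as in the
# message's /bin/true example, and every audited file should carry that state.
EXPECTED_FCAP='all=ei:CAP_SETPCAP='

# GETFCAP (hypothetical variable) may name another binary or a test stub.
: "${GETFCAP:=getfcap}"

# audit_fcap FILE...
# Prints one line per file whose capability state differs from EXPECTED_FCAP
# or cannot be read at all. Returns 0 only if every file matched.
audit_fcap() {
    bad=0
    for f in "$@"; do
        if state=$("$GETFCAP" -m "$f" 2>/dev/null); then
            [ "$state" = "$EXPECTED_FCAP" ] && continue
            printf 'MISMATCH %s: %s\n' "$f" "${state:-<empty>}"
        else
            # getfcap failed: the posix1e.cap attribute may be absent, or
            # extended attributes may not be started on that filesystem.
            printf 'UNREADABLE %s\n' "$f"
        fi
        bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Typical use after the second installworld (paths are illustrative):
#   audit_fcap /bin/true /bin/sh /sbin/mount
```

UNREADABLE lines point at the first step in the quoted reply (the system/posix1e.cap extended attribute setup), MISMATCH lines at the second (the reinstall that lets install(1) set the flags).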