Package: systemd-homed
Version: 257.2-1
Severity: normal
I expected that setting CAP_SYSLOG as AmbientCapability for a user
is enough to allow the usage of dmesg.
root@iris:~# homectl create --capability-ambient-set=CAP_SYSLOG testuser
���� Please enter new password for user testuser: ������������������
���� Please enter new password for user testuser (repeat): ������������������
root@iris:~# exit
logout
testuser@iris:~$ dmesg
dmesg: read kernel buffer failed: Operation not permitted
The capability is reported properly:
testuser@iris:~$ homectl inspect testuser | grep Cap
Ambient Caps: cap_syslog
But not available in the users shell:
testuser@iris:~$ /usr/sbin/capsh --current
Current: =
Current IAB:
testuser@iris:~$ ps aux | grep testuser | grep bash
testuser 709 0.0 0.2 5696 4240 pts/1 Ss 11:48 0:00 -bash
testuser 723 0.0 0.0 3452 1736 pts/1 S+ 11:51 0:00 grep bash
testuser@iris:~$ cat /proc/709/status | grep Cap
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.6-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages systemd-homed depends on:
ii init-system-helpers 1.68
ii libblkid1 2.40.4-1
ii libc6 2.40-5
ii libcap2 1:2.66-5+b1
ii libfdisk1 2.40.4-1
ii libpam-runtime 1.5.3-7
ii libpam0g 1.5.3-7+b1
ii libssl3t64 3.4.0-2
ii libsystemd-shared 257.2-1
ii systemd 257.2-1
ii systemd-userdbd 257.2-1
systemd-homed recommends no packages.
Versions of packages systemd-homed suggests:
ii libcryptsetup12 2:2.7.5-1
ii libidn2-0 2.3.7-2+b1
ii libp11-kit0 0.25.5-3
ii libtss2-rc0t64 4.1.3-1.2
-- no debconf information
