Here's a different attempt: # execcap "all+eip cap_setpcap-eip" /bin/bash # /sbin/getpcaps $$ Capabilities for `15044': =eip cap_setpcap-eip # sucap vorlon vorlon /bin/bash Caps: =eip cap_setpcap-eip Caps: =i cap_setpcap-i [debug] uid:1000, real uid:1000 sucaps: capsetp: Operation not permitted sucap: child did not exit cleanly. #
So as root I can manually spawn a shell that has the inheritable bits set, but when running sucap, *only* the inheritable bits are copied, the effective/permitted bits are not, so trying to set them in the child process fails. Looks broken to me? Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
