Timeline for How do I use capsh: I am trying to run an unprivileged ping, with minimal capabilities
Current License: CC BY-SA 4.0
7 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jan 7, 2021 at 13:44 | comment | added | Shuzheng | Quoting man capabiltiies: A child created via fork(2) inherits copies of its parent's capability sets. | |
| Jan 7, 2021 at 13:37 | comment | added | Shuzheng | Unfortunately these capabilities are bound to the executed file and are not retained after executing a new child process. - by child process I normally think of fork(2), which does inherit the capabilities. Only execve(2) doesn't inherit the capabilities, but it doesn't create a child process. Am I wrong? | |
| Apr 11, 2020 at 13:54 | comment | added | Lekensteyn | @把友情留在无盐 When the answer was originally written, only git master supported it. Since then, libcap 2.26 has been released with support for the --addamb option. I have updated the answer accordingly. | |
| Apr 11, 2020 at 13:53 | history | edited | Lekensteyn | CC BY-SA 4.0 | clarify which version support addamb |
| Apr 11, 2020 at 12:23 | comment | added | 越鸟巢南枝 | Which specific version number of libcap since have capsh --addamb? 2.32 release notes mentioned new capsh features, but the words were vague. | |
| Oct 26, 2019 at 11:00 | history | edited | Stephen Kitt | CC BY-SA 4.0 | There have recently been releases of libcap, none yet in Debian though. |
| Aug 16, 2016 at 14:27 | history | answered | Lekensteyn | CC BY-SA 3.0 |