-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/29/2010 07:18 AM, Daniel P. Berrange wrote:
On Fri, Oct 29, 2010 at 02:32:52PM +0530, Rahul Sundaram wrote:
On Fri, Oct 29, 2010 at 2:26 PM, Daniel P. Berrange wrote:
You want the libcap-ng-utils RPMs which provides a bunch of useful tools for this, filecap, netcap, pscap, etc.
Is there any particular reason, the regular tools that users already use cannot be modified to display the appropriate info, like SELinux and -Z argument.
In theory there's nothing preventing this. Deciding on/defining a concise display of capabilities info that doesn't mess up the formatting of ps/ls/etc is even tricker than with SELinux -Z because of the length of capabilities to display. eg, pscap for dhclient which has just 5 capabilities is showing
'dac_override, net_bind_service, net_admin, net_raw, sys_admin'
There are 32 possible capabilites, so you'll quickly exceed the width of terminals just listing capabilities, in this format. You could try and decide on shortened names to < 5 characters each, but it isn't going to be so readable, nor very short for lots of caps
Regards, Daniel
BTW I believe we now have > 32 capabilities, I believe there can now be upto 64 capabilities, although I think there are only a couple added to the second bitmask so far.