-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/29/2010 07:18 AM, Daniel P. Berrange wrote:
On Fri, Oct 29, 2010 at 02:32:52PM +0530, Rahul Sundaram wrote:
> On Fri, Oct 29, 2010 at 2:26 PM, Daniel P. Berrange wrote:
>
>>
>>
>> You want the libcap-ng-utils RPMs which provides a bunch of useful tools
>> for this, filecap, netcap, pscap, etc.
>>
>
> Is there any particular reason, the regular tools that users already use
> cannot be modified to display the appropriate info, like SELinux and -Z
> argument.
In theory there's nothing preventing this. Deciding on/defining a concise
display of capabilities info that doesn't mess up the formatting of
ps/ls/etc is even tricker than with SELinux -Z because of the length of
capabilities to display. eg, pscap for dhclient which has just 5 capabilities
is showing
'dac_override, net_bind_service, net_admin, net_raw, sys_admin'
There are 32 possible capabilites, so you'll quickly exceed the width
of terminals just listing capabilities, in this format. You could try
and decide on shortened names to < 5 characters each, but it isn't
going to be so readable, nor very short for lots of caps
Regards,
Daniel
BTW I believe we now have > 32 capabilities, I believe there can now be
upto 64 capabilities, although I think there are only a couple added to
the second bitmask so far.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAkzKvB0ACgkQrlYvE4MpobOhmACfQu3x6cGE1BFvHE2XUpzJ8A96
6C0An22WAQG7Zym240DZ9mAD0nugVoUe
=0uSf
-----END PGP SIGNATURE-----