Granting a capability to a service

Andrew Lutomirski luto at
Mon Jul 20 19:45:28 UTC 2015

On Mon, Jul 20, 2015 at 12:26 PM, Steve Grubb <sgrubb at> wrote:
> On Monday, July 20, 2015 11:09:39 AM Andrew Lutomirski wrote:
>> On Jul 20, 2015 11:05 AM, "Florian Weimer" <fweimer at> wrote:
>> > On 07/20/2015 05:59 PM, Steve Grubb wrote:
>> > > Today, any application that wants to manipulate capabilities needs to be
>> > > capability aware.
>> >
>> > The application does not want to manipulate capabilities.  I do not want
>> > to run it as full root.  I don't want to add additional SUID/fscaps to
>> > the file system.
>> >
>> > It's somewhat silly to add a privilege escalation hatch to the file
>> > system in order to run a daemon with *reduced* privileges.
>> This is exactly why the ambient caps patch is sitting in -mm.  If you want
>> to read it and email a quick review, that might help it along.  :)
> The real problem with capabilities is there is no way to say, I trust this
> child process with this capability, but don't let it get inherited beyond this
> process that I'm about to start.

Why would you want to do that?  That sounds like a use for LD_PRELOAD.


More information about the devel mailing list