
Linux capabilities

Open pfactum opened this issue 2 years ago • 4 comments

Address #80.

pfactum, Oct 17 '22 12:10

This feels very Linux-specific. What do you think about adding a new argument flag that skips the check, and then it is up to the user to make it work anyway?

yarrick, Oct 26 '22 21:10

If we do it like this I think it makes sense to exit only after all checks are done, so that the user does not keep getting new errors after fixing the first one.

capng_get_caps_process failure should fall back to the old uid 0 check also, I think

yarrick, Oct 26 '22 21:10

> This feels very Linux-specific. What do you think about adding a new argument flag that skips the check, and then it is up to the user to make it work anyway?

That can be an additional argument that does not intersect with proposed changes. Proposed changes allow more granular capabilities checking and reporting.

pfactum, Nov 02 '22 18:11

> If we do it like this I think it makes sense to exit only after all checks are done, so that the user does not keep getting new errors after fixing the first one.

Thanks for the suggestion; force-pushed with this change, please check.

> capng_get_caps_process failure should fall back to the old uid 0 check also, I think

Nope. Having UID 0 doesn't guarantee having all the required capabilities. On Linux, root (UID 0) can also be restricted.

pfactum, Nov 02 '22 18:11
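
An added example (not code from the pull request) of the two points discussed in this thread: reporting every missing capability before exiting, and checking the effective capability set rather than UID 0. It parses the `CapEff` mask from `/proc/<pid>/status` text instead of calling libcap-ng so that it has no dependencies; the list of required capabilities and both sample status texts are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Capability bit numbers as defined in <linux/capability.h>. */
enum { SETGID = 6, SETUID = 7, NET_BIND_SERVICE = 10, NET_ADMIN = 12, SYS_CHROOT = 18 };

/* Assumed requirement list for a tunnel daemon; not taken from the pull request. */
static const struct { int bit; const char *name; } required[] = {
    { NET_ADMIN, "CAP_NET_ADMIN" }, { NET_BIND_SERVICE, "CAP_NET_BIND_SERVICE" },
    { SETUID, "CAP_SETUID" }, { SETGID, "CAP_SETGID" }, { SYS_CHROOT, "CAP_SYS_CHROOT" },
};

/* Constructed samples: root with a reduced set, and a non-root user granted all five. */
static const char root_restricted[] =
    "Name:\tdaemon\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000400\n";
static const char user_granted[] =
    "Name:\tdaemon\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t00000000000414c0\n";

/* Extract the effective set from /proc/<pid>/status text; 0 on success, -1 otherwise. */
static int parse_cap_eff(const char *status, uint64_t *eff)
{
    const char *p = strstr(status, "\nCapEff:");
    unsigned long long v;
    if (p == NULL || sscanf(p + 8, "%llx", &v) != 1)
        return -1;
    *eff = v;
    return 0;
}

/* Report every missing capability (no early exit) and return how many are missing. */
static int count_missing(uint64_t eff, FILE *out)
{
    int missing = 0;
    for (size_t i = 0; i < sizeof(required) / sizeof(required[0]); i++) {
        if (eff & (UINT64_C(1) << required[i].bit))
            continue;
        if (out != NULL)
            fprintf(out, "missing capability: %s\n", required[i].name);
        missing++;
    }
    return missing;
}

int main(void)
{
    uint64_t eff;
    if (parse_cap_eff(root_restricted, &eff) != 0)
        return 2;                              /* cannot read the set: fail closed */
    return count_missing(eff, stderr) ? 1 : 0; /* UID 0 here, yet four are missing */
}
```

The UID 0 sample fails with four messages in a single run, while the UID 1000 sample passes, which is the case a plain UID check would get wrong in both directions.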