linux-capabilities Questions
2
Solved
I was trying to run my pod as non root and also grant it some capabilities.
This is my config:
containers:
- name: container-name
  securityContext:
    capabilities:
      add: ["SETUID", "...
Crone asked 5/7, 2022 at 15:54
3
Solved
On Linux systems root privileges can be granted more selectively than adding the setuid bit using file capabilities. See capabilities(7) for details. These are attributes of files and can be read u...
Oldtime asked 4/2, 2014 at 18:48
3
Solved
In my custom environment an interceptor library is preloaded which runs a special implementation of bind(), connect(), etc. calls.
The problem I see is whenever an application is explicitly enabled...
Anthracosis asked 5/8, 2013 at 12:40
5
Solved
I am in a difficult situation where I don't know what Linux capabilities a process requires to work.
What is the best way, or any way, to find out what capability is required?
The only thing I can ...
Brindabrindell asked 17/2, 2016 at 22:27
4
Solved
If I am running a container in privileged mode, does it have all the Kernel capabilities or do I need to add them separately?
Cassiani asked 5/4, 2016 at 11:33
4
Solved
Is it possible to add a capability (for ex: NET_ADMIN) after the container has actually started?
I started a container a few days ago and a service provided by it is being used by several other proc...
Ressieressler asked 4/8, 2016 at 4:44
2
Solved
Newer versions of docker (I think 1.2 and later) have a --cap-add feature.
This gives fine grained control of feature capabilities without opening up everything with --privileged=true.
I've googl...
Alumna asked 18/6, 2015 at 2:46
25
Solved
It's very annoying to have this limitation on my development box, when there won't ever be any users other than me.
I'm aware of the standard workarounds, but none of them do exactly what I want:
...
Warram asked 5/1, 2009 at 17:9
1
Context
I've done a java library that uses a C library with JNI.
The C library is compiled in linux into a .so file. This library needs cap_net_raw capabilities.
Goal
Execute a java process without...
Burlesque asked 28/12, 2020 at 13:43
1
Solved
I'm using Ubuntu 18.04 Desktop. Here are more details about my question.
Recently, I'm writing some test code that wants to do this: when it is run as a non-privileged user, the test code tries to ...
Awful asked 22/1, 2021 at 22:5
1
Solved
Background: I am running a docker container which needs to load/remove a kernel module which makes USB devices attached to a remote server available on the host which I then want to make available ...
Claybourne asked 15/3, 2021 at 9:17
1
Solved
chroot needs CAP_SYS_CHROOT according to the manual. The unshare command uses chroot.
The command unshare -UrR newroot/ will work without being run as root, which makes sense since the -r flag make...
Beverage asked 8/10, 2020 at 1:28
1
Solved
The docker compose file reference describes the cap_add and cap_drop elements in a rather terse fashion:
Add or drop container capabilities. See man 7 capabilities for a full list.
Do these eleme...
Massimiliano asked 29/7, 2020 at 21:26
6
Solved
I am debugging a program that makes use of libnetfilter_queue. The documentation states that a userspace queue-handling application needs the CAP_NET_ADMIN capability to function. I have done this ...
Vacillating asked 5/12, 2010 at 2:37
2
Solved
I'm working on limiting capabilities of an existing, complex application and I have been searching for a while for a credible source proving that
permissions included in cap_dac_override are a supe...
Halfandhalf asked 18/1, 2018 at 20:24
2
Solved
The second example policy from the PodSecurityPolicy documentation consists of the following PodSecurityPolicy snippet
...
spec:
  privileged: false
  # Required to prevent escalations to root.
  all...
Puentes asked 15/11, 2018 at 21:23
4
In a Linux system, an unprivileged user launches a program. The process created has the capabilities CAP_NET_RAW,CAP_NET_ADMIN with mode as effective,permitted,inheritable.
This process then creates ...
Prickle asked 27/5, 2011 at 15:28
2
Solved
Trying to set cap_setgid,cap_setuid,cap_setpcap.
#include <sys/types.h>
#include <sys/capability.h>
int main()
{
    cap_t caps;
    caps = cap_get_proc();
    cap_value_t cap_list[2];
    cap_l...
Louiselouisette asked 27/8, 2012 at 11:50
1
Solved
I have a Qt project that uses a plugin interface which compiles fine on my system. However, when the same project is compiled inside docker it stopped working with Qt 5.10.1, giving the message Erro...
Clausewitz asked 26/2, 2018 at 19:34
2
Solved
I'm wondering if there is any possibility to run Scapy's 'sniff(...)' without root privileges.
It is used in an application, where certain packages are captured. But I don't want to run the whole ...
Lubber asked 25/3, 2016 at 6:36
1
Solved
I removed the setuid bit from the ping binary and added cap_net_raw+p instead as follows:
$ chmod 755 /bin/ping
$ setcap cap_net_raw+p /bin/ping
Then I ran ping in one terminal and checked the /...
Parrett asked 5/9, 2017 at 16:1
1
I'm running Nginx in a Docker container, and I would like to drop as many Linux capabilities as possible, for security reasons.
Which capabilities can I then drop?
The image is similar to the sta...
Carbajal asked 18/4, 2017 at 8:50
2
Solved
My program is being run with cap_sys_admin,cap_setgid+i.
Of course, I understand that they are inheritable across execve, but besides that: do they behave the same way as if I don’t have them at ...
Rhody asked 12/5, 2017 at 0:52
3
Solved
I'm trying to compile the following minimal C code on ubuntu 10.10:
#include <sys/capability.h>
void main(void)
{
    cap_t cap;
    cap = cap_get_proc();
}
with gcc -lcap test.c which gives me...
Lanyard asked 1/12, 2011 at 8:27
4
Is the Linux capabilities (libcap.so) library available for use with Android? If not, how can I compile it?
I would like to use the capabilities-related API in sys/capabilities.h, which is inclu...
Disrelish asked 30/12, 2010 at 21:34