I tried to run a simple python UDP echo-server listening on Port 507 inside a docker container that uses a non-root user. The Dockerfile looks like this: FROM docker.io/centos RUN yum -y install...

I want to make system usable without setuid, file "+p" capabilities, and in general without things which are disabled when I set PR_SET_NO_NEW_PRIVS. With this approach (init sets PR_SET_NO_NEW_PR...

I'm trying to write a program which requires elevated capabilities (rather than simply run it with sudo). However, none of the capabilities I set using setcap seem to transfer into the process once...

I use LD_LIBRARY_PATH to set the path of a certain user library for an application. But if I set capabilities on this application sudo setcap CAP_NET_BIND_SERVICE=eip myapplication then LD_LIBRA...

Can somebody please explain to me how to use or set CAP_SYS_ADMIN in c? I need that capability to unmount a usb drive but don't know how to use it.

TL;DR: Why are cap_net_raw, cap_net_admin capabilities only working in /usr/bin (or /usr/sbin), but not other places? Can this be configured someplace? I'm having problems assigning capabilities t...

How does one make an RPM which sets the POSIX capabilities of a file? If I try doing rpmbuild as a non-root user then I get an error when my makefile's install hooks try to run setcap, but if I don...

I am reading output from another process which generates output (slow and infinite). Because I want to read this data in real-time I use "stdbuf -oL" (line-buffered, data is text). I do not have co...

There appears to be support for fine-grained capabilities in Linux kernel, which allows granting privileges to a process to do things like, for example, opening raw sockets or raising thread ...

In a C program, you can edit your capabilities with cap_set_proc from libcap. How can I achieve the same in a Perl program?

I'm using Linux POSIX mqueue implementation, and I have a problem. For current kernel, the max message size is 1MB, but I need to have no limit. man mq_overview says that if the process is privile...

I'm trying to write a daemon that will start as root using a setuid bit, but then quickly revert to the user running the process. The daemon, however needs to retain the ability to set new threads ...