Issue setting up the DPDK development with non-privileged user

Dmitry Kozlyuk dmitry.kozliuk at gmail.com
Fri Sep 2 16:31:54 CEST 2022


2022-09-01 22:26 (UTC+0300), Dmitry Kozlyuk:
> 2022-09-01 17:42 (UTC+0300), Dmitry Kozlyuk:
> > Theoretically, one can enumerate all capabilities, give all capabilities
> > except one to the binary, try to run it, and notice which capability removal
> > leads to a failure. However, `setcap "all=ep $capa-ep" ./binary`
> > did not give the correct answer to me (why?), so I did it semi-manually.  
> 
> Aha! CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH are not orthogonal:
> they both allow bypassing file read permission check.
> 
> I have a working script here: ...

Apparently, a better alternative is already out there:

https://github.com/iovisor/bcc/blob/master/tools/capable_example.txt
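An added example, not the author's script or part of the original message: it shows why leave-one-out testing misses overlapping capabilities such as CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH, and how dropping capabilities cumulatively still arrives at a minimal set. The `probe` function is a constructed stand-in for "apply the set with setcap and run the binary", and the capabilities it requires are assumptions.

```shell
# Constructed stand-in for: setcap "<caps>=ep" ./binary && ./binary
# Assumed needs of the simulated binary: cap_ipc_lock, plus the ability to
# read a protected file (granted by either DAC capability).
probe() {
    case " $1 " in *" cap_ipc_lock "*) ;; *) return 1 ;; esac
    case " $1 " in
        *" cap_dac_override "*|*" cap_dac_read_search "*) return 0 ;;
    esac
    return 1
}

# Print the words of $1 except the word $2.
without() {
    out=""
    for c in $1; do
        [ "$c" = "$2" ] || out="$out $c"
    done
    echo $out
}

# Leave-one-out: report each capability whose removal alone breaks the probe.
# Overlapping capabilities mask each other, so neither is reported.
leave_one_out() {
    needed=""
    for c in $1; do
        probe "$(without "$1" "$c")" || needed="$needed $c"
    done
    echo $needed
}

# Greedy reduction: drop a capability for good whenever the probe still
# passes without it, so one of the two overlapping capabilities survives.
greedy_minimal() {
    keep="$1"
    for c in $1; do
        trial=$(without "$keep" "$c")
        if probe "$trial"; then keep="$trial"; fi
    done
    echo $keep
}

# Constructed candidate list; a real run would start from every capability.
CAPS="cap_dac_override cap_dac_read_search cap_ipc_lock cap_net_admin cap_sys_admin"
echo "leave-one-out: $(leave_one_out "$CAPS")"
echo "greedy:        $(greedy_minimal "$CAPS")"
```

Which of two interchangeable capabilities the greedy pass keeps depends on the order of the list, so put the broader one first to have it dropped first.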

