No announcement yet.

Two non-working uses of kernel capabilities

  • Filter
  • Time
  • Show
Clear All
new posts

  • Two non-working uses of kernel capabilities

    I've been playing with kernel capabilities both in Ubuntu 17.10 and Fedora 26 and I've found two issues. I don't know if they are bugs or I'm doing something I ask here to be enlightened :-) . Thanks in advance!:

    1.- CAP_KILL capability doesn't work.

    If I do setcap cap_kill=eip /usr/bin/kill and then I try to kill any process belonging to another user, I can't. I should, right?

    2.-Pam_cap doesn't work

    If I do setcap cap_net_raw=ip /usr/bin/ping , next I put the line "auth required" in /etc/pam.d/common-auth (or similar file) and finally I put the line "cap_net_raw john" above the line "none *" in /etc/security/capability.conf , : in theory only john should be able to do pings but every user can do them. Am I missing something?

    Thanks a lot

    PD: Documentation of in Fedora is NULL. Please...a little more care...