Debian Bug Tracking System a écrit : > Your message dated Sun, 4 Feb 2007 17:37:22 +0100 > with message-id <[EMAIL PROTECTED]> > and subject line Bug#409657: libcap-bin, linux-2.6: setting capabilities does > not work with Debian kernels > has caused the attached Bug report to be marked as done. > > This means that you claim that the problem has been dealt with. > If this is not the case it is now your responsibility to reopen the > Bug report if necessary, and/or fix the problem forthwith. > > (NB: If you are a system administrator and have no idea what I am > talking about this indicates a serious mail system misconfiguration > somewhere. Please contact me immediately.) > > Debian bug tracking system administrator > (administrator, Debian Bugs database) > > > > ------------------------------------------------------------------------ > > Sujet: > libcap-bin, linux-2.6: setting capabilities does not work with Debian > kernels > Expéditeur: > Aurelien Jarno <[EMAIL PROTECTED]> > Date: > Sun, 04 Feb 2007 16:55:51 +0100 > Destinataire: > Debian Bug Tracking System <[EMAIL PROTECTED]> > > Destinataire: > Debian Bug Tracking System <[EMAIL PROTECTED]> > > > Package: libcap-bin,linux-2.6 > Severity: grave > Justification: renders package unusable > > The Debian kernels does not give the CAP_SETPCAP capability to the root > user, so the utilities in libcap-bin are not usable. > > In my case this is a problem since the 2.6.18 kernel has added > /dev/net/tun to the CAP_SYS_ADMIN list. This means only the root user can > access this file, whatever the permissions of this file are. setpcaps or > sucap can't change that. This is a regression from the 2.6.17 kernel. > > > -- System Information: > Debian Release: 4.0 > APT prefers unstable > APT policy: (500, 'unstable') > Architecture: amd64 (x86_64) > Shell: /bin/sh linked to /bin/bash > Kernel: Linux 2.6.18-3-amd64 > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) > > > > ------------------------------------------------------------------------ > > Sujet: > Re: Bug#409657: libcap-bin, linux-2.6: setting capabilities does not > work with Debian kernels > Expéditeur: > Bastian Blank <[EMAIL PROTECTED]> > Date: > Sun, 4 Feb 2007 17:37:22 +0100 > Destinataire: > [EMAIL PROTECTED] > > Destinataire: > [EMAIL PROTECTED] > > > On Sun, Feb 04, 2007 at 04:55:51PM +0100, Aurelien Jarno wrote: >> The Debian kernels does not give the CAP_SETPCAP capability to the root >> user, so the utilities in libcap-bin are not usable. > > It was never available.
That still makes the libcap-bin package unusable. Why ship such a package? If this can't be fixed in the kernel, the libcap-bin package should be removed. >> In my case this is a problem since the 2.6.18 kernel has added >> /dev/net/tun to the CAP_SYS_ADMIN list. This means only the root user can >> access this file, whatever the permissions of this file are. setpcaps or >> sucap can't change that. This is a regression from the 2.6.17 kernel. > > Incorrect. There was a security fix. Now only CAP_SYS_ADMIN is allowed to > create new devices. > > Anyway. Nothing here is a bug. CAP_SETPCAP was never available and > the proposed permissions for this device was 700 before this change (now > they are 666), so no regression. Before it was possible to set the permission manually to 666. This does not work anymore. -- .''`. Aurelien Jarno | GPG: 1024D/F1BCDB73 : :' : Debian developer | Electrical Engineer `. `' [EMAIL PROTECTED] | [EMAIL PROTECTED] `- people.debian.org/~aurel32 | www.aurel32.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
