[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: unable to include capability.h

Steve Grubb wrote:
On Friday 12 June 2009 09:02:39 am Daniel Lezcano wrote:
As I only need the CAP_SYS_BOOT, I will define it manually in the source
code and will remove the include, that's ugly but anyway... :/

Alternately....as of today, libcap-ng is now in Fedora. It has a far simpler API and you should be able to do things in 2-3 lines of code. For example, if you wanted to use it to retain only CAP_SYS_BOOT, the code would be:


You're done. If you know you application has no children, then you would want to change the last line to use CAPNG_SELECT_BOTH so that the bounding set is cleared. libcap-ng has 1 relocation and libcap has 35, so it starts up faster. Its also smaller in size and has better analysis tools.

More info can be found here:

I'll be setting up a Fedora 12 project in the next few days to drop privs everywhere.
Interesting. Thanks for the information.

 -- Daniel

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]