In a Linux system, a non-root user creates a C++ program/process. This process has the capabilities CAP_DAC_OVERRIDE, CAP_SYS_ADMIN and CAP_SYS_RAWIO with the mode effective, permitted, inheritable. These capabilities are attached to a file which can be read by lxc.
This process calls system("dumpe2fs -h /dev/sda1...") to read information about a partition on a hard disk.
When it calls system("..."), a child process dumpe2fs is created. But the dumpe2fs doesn't seem to inherit the three capabilities as expected.
How can I make a child process inherit the capabilities?
Answer 0 (score: 0)
"When it calls system("..."), a child process dumpe2fs is created."
I believe that system() invokes the default shell and runs the dumpe2fs command in it. So, it won't be a child process directly running under the current process as in a fork() call.
You need something like the execve function for this.
You might want to take a look at other functions from this family to fulfill your specific requirements: http://man7.org/linux/man-pages/man3/exec.3.html
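What the answer's execve route can look like in practice, as an added example that is not part of the original question or answer: fork plus execvp makes dumpe2fs the direct child, and because execve recomputes capabilities for a program that has no file capabilities of its own, the child first copies each capability into its inheritable set and raises it as ambient (Linux 4.3 or later). The names make_ambient and run_with_caps are made up for this example, and only the visible part of the question's command line is used.

```cpp
#include <linux/capability.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cstdio>
#include <vector>

// Copy `cap` into this process's inheritable set, then raise it as ambient.
// Fails (EPERM) when the capability is not in the permitted set.
static bool make_ambient(int cap) {
    __user_cap_header_struct hdr = {_LINUX_CAPABILITY_VERSION_3, 0};
    __user_cap_data_struct data[2] = {};
    if (syscall(SYS_capget, &hdr, data) != 0) return false;
    data[cap / 32].inheritable |= 1u << (cap % 32);
    if (syscall(SYS_capset, &hdr, data) != 0) return false;
    return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0) == 0;
}

// fork + execvp: the command is the direct child, with no /bin/sh in between.
// Returns the command's exit status, 126 if a capability could not be raised,
// 127 if the exec failed, -1 on fork/wait errors or death by signal.
int run_with_caps(const std::vector<const char*>& args,
                  const std::vector<int>& caps) {
    std::vector<char*> argv;
    for (const char* a : args) argv.push_back(const_cast<char*>(a));
    argv.push_back(nullptr);

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        // Raise only in the child, so the parent's other children stay unprivileged.
        for (int cap : caps)
            if (!make_ambient(cap)) { perror("raise ambient capability"); _exit(126); }
        execvp(argv[0], argv.data());
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main() {
    // Command from the question; whatever its trailing "..." stood for is left out.
    return run_with_caps({"dumpe2fs", "-h", "/dev/sda1"},
                         {CAP_DAC_OVERRIDE, CAP_SYS_ADMIN, CAP_SYS_RAWIO});
}
```

After the exec, the CapAmb, CapPrm and CapEff lines in /proc/<pid>/status of the child show which capabilities it actually holds.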