Question

  #include <stdio.h>
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
  #include <sys/capability.h>
  #include <sys/types.h>
  #include <unistd.h>

  void listCaps1(void)
 {
    cap_t caps = cap_get_proc();
    ssize_t y = 0;
    printf("The process %d was give capabilities %s\n",(int) getpid(), 
           cap_to_text(caps, &y));
    fflush(0);
    cap_free(caps);
  }

 int main(void)
 {
    int fd;

    cap_t caps = cap_init();

    listCaps1();
    cap_free(caps);
    fd = open("/home/robot/test.txt",O_RDONLY);

    if(-1 == fd){
            perror("can't open\n");
    }else{
            printf("open sucesss\n");

    }
    while(1)
    ;
}

我将按照以下方式设置root：

[root@MEI-0 ]

setcap CAP_DAC_OVERRIDE+eip cd

run by non-root,like

[_ nokrcpsysccs @ MEI-0]

./cd

日志输出如下：授予27142的流程capabilities = cap_dac_override+ep无法打开：权限被拒绝

我的问题是为什么该流程无法访问目录/home/robot/test.txt

关于CAP_DAC_OVERRIDE的能力

0 个答案: