Why does the Linux system call "capset" fail in this case?

Time: 2018-06-14 04:22:01

Tags: c linux security system capability

I am trying to test the "capset" call on an Ubuntu system. Here is the code:

int cap_mask = 0;
cap_header.pid = getpid() ;
cap_header.version = _LINUX_CAPABILITY_VERSION_3;

if( capget(&cap_header, &cap_data) < 0)
{
    printf("%s\n", strerror(errno));
    exit(EXIT_FAILURE);
}

printf("capheader: %x  %d\n", cap_header.version, cap_header.pid);
printf("capdata: %x  %x  %x\n", cap_data.effective, cap_data.permitted, cap_data.inheritable);


cap_mask |= (1 << CAP_NET_BIND_SERVICE);
cap_data.effective = cap_mask;
cap_data.permitted = cap_mask;
cap_data.inheritable = 0;

if( capset(&cap_header, &cap_data) < 0)
{
    printf("%s\n", strerror(errno));
    exit(EXIT_FAILURE);
}
printf("%d\n", capget(&cap_header, &cap_data));
printf("capheader: %x  %d\n", cap_header.version, cap_header.pid);
printf("capdata: %x  %x  %x\n", cap_data.effective, cap_data.permitted, cap_data.inheritable);
return 0;

After running the binary, the output is:

capheader: 20080522  24315
capdata: 0  0  0
Operation not permitted

It seems capset fails with the error "Operation not permitted". If I comment out this line

/* cap_mask |= (1 << CAP_NET_BIND_SERVICE); */

the call to capset succeeds, with the output:

capheader: 20080522  24464
capdata: 0  0  0
0
capheader: 20080522  24464
capdata: 0  0  0

Do you know why capset fails in the first run?

0 answers:

No answers
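
Added example, not part of the original question: capset(2) returns EPERM when a request adds a capability to the permitted set, or sets an effective bit that is not in the new permitted set. The C code below models those two rules against the sets reported by capget; `struct capsets`, `check_capset` and `read_own_caps` are hypothetical names chosen for this example, and the inheritable and bounding-set rules are not modelled.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Hypothetical helper type: each set as one 64-bit mask (v3 stores 2 x 32 bits). */
struct capsets { uint64_t effective, permitted, inheritable; };

enum cap_verdict { CAP_OK, CAP_RAISES_PERMITTED, CAP_EFFECTIVE_NOT_PERMITTED };

/* Models the two EPERM rules from capset(2) for the permitted and effective
 * sets. The inheritable and bounding-set rules are not modelled here. */
enum cap_verdict check_capset(const struct capsets *old, const struct capsets *req)
{
    if (req->permitted & ~old->permitted)   /* permitted may only shrink */
        return CAP_RAISES_PERMITTED;
    if (req->effective & ~req->permitted)   /* effective must be within new permitted */
        return CAP_EFFECTIVE_NOT_PERMITTED;
    return CAP_OK;
}

/* Reads the calling thread's sets. Version 3 needs a two-element data array. */
int read_own_caps(struct capsets *out)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    memset(d, 0, sizeof d);
    if (syscall(SYS_capget, &hdr, d) < 0)
        return -1;
    out->effective   = d[0].effective   | ((uint64_t)d[1].effective   << 32);
    out->permitted   = d[0].permitted   | ((uint64_t)d[1].permitted   << 32);
    out->inheritable = d[0].inheritable | ((uint64_t)d[1].inheritable << 32);
    return 0;
}

int main(void)
{
    struct capsets cur, req;
    if (read_own_caps(&cur) < 0) { perror("capget"); return 1; }
    req = cur;                               /* same request as in the question */
    req.permitted = req.effective = 1ULL << CAP_NET_BIND_SERVICE;
    req.inheritable = 0;
    printf("permitted=%#llx verdict=%d\n",
           (unsigned long long)cur.permitted, check_capset(&cur, &req));
    return 0;
}
```

With an empty permitted set, as in the capget output shown in the question, `check_capset` returns `CAP_RAISES_PERMITTED` for this request.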