https://bugzilla.novell.com/show_bug.cgi?id=550021
https://bugzilla.novell.com/show_bug.cgi?id=550021#c49
--- Comment #49 from Jan Engelhardt
You could help a lot if you did find the related equivalent privileges for the following privs from OpenSolaris:
PRIV_FILE_DAC_READ any local "file" can be read (needed to open /dev/sg or similar)
PRIV_FILE_DAC_WRITE any local "file" can be written (needed to open /dev/sg or similar)
CAP_DAC_OVERRIDE.
PRIV_SYS_DEVICES allow special device specific calls that use additional privileges. Needed to be able to send _any_ SCSI command to any device. This is needed in addition to be able to open(2) device nodes.
CAP_SYS_RAWIO.
PRIV_PROC_LOCK_MEMORY allow to lock any current and future (to be allocated) memory in core. On Linux this may need additional privs related to setrlimit(2).
CAP_IPC_LOCK for mlock; CAP_SYS_RESOURCE for setrlimit.
PRIV_PROC_PRIOCNTL allow to enhance process scheduling priority to any value
CAP_SYS_NICE
PRIV_NET_PRIVADDR allow to bind to sockets with a port number < 1024.
CAP_NET_BIND_SERVICE. This one you will have noticed from my attached sample program.
Solaris distinguishes between "effective", "permitted" and "inheritable" privs. Is this also true for Linux?
It is.
Is the fcaps feature valid for all filesystem types and is it always part of the most limited install variant?
For all filesystems that can store xattrs. But it will be most relevant for the filesystem that the cdrecord and companion programs will reside on, which is usually some Linuxish filesystem (ext4,xfs,etc.) capable of holding xattrs. fscaps is always present with SUSE.
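Added example, not part of the bug comment and not cdrecord code: a check of which capabilities from the mapping above are present in a process's inheritable, permitted and effective sets, read from the CapInh, CapPrm and CapEff lines of /proc/<pid>/status. The function names and the SAMPLE text are constructed for illustration; the bit numbers are the ones defined in <linux/capability.h>.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers as in <linux/capability.h>, each with the Solaris privilege it answers. */
static const struct { const char *solaris, *cap; int bit; } MAP[] = {
    { "PRIV_FILE_DAC_READ/WRITE",       "CAP_DAC_OVERRIDE",      1 },
    { "PRIV_NET_PRIVADDR",              "CAP_NET_BIND_SERVICE", 10 },
    { "PRIV_PROC_LOCK_MEMORY (mlock)",  "CAP_IPC_LOCK",         14 },
    { "PRIV_SYS_DEVICES",               "CAP_SYS_RAWIO",        17 },
    { "PRIV_PROC_PRIOCNTL",             "CAP_SYS_NICE",         23 },
    { "PRIV_PROC_LOCK_MEMORY (rlimit)", "CAP_SYS_RESOURCE",     24 },
};
/* Constructed sample: all six permitted, only CAP_SYS_RAWIO effective, none inheritable. */
const char SAMPLE[] = "Name:\tcdrecord\nCapInh:\t0000000000000000\n"
                      "CapPrm:\t0000000001824402\nCapEff:\t0000000000020000\n";

/* Read one hex mask (CapInh, CapPrm or CapEff) from status text; -1 if absent.
 * Matching only at line starts keeps a process name from posing as a field. */
int cap_field(const char *status, const char *field, unsigned long long *out)
{
    size_t n = strlen(field);
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            *out = strtoull(p + n + 1, NULL, 16);
            return 0;
        }
        if ((p = strchr(p, '\n')) != NULL) p++;   /* start of next line */
    }
    return -1;
}

/* Number of mapped capabilities absent from one set (each is printed); -1 on error. */
int missing_caps(const char *status, const char *field)
{
    unsigned long long mask;
    int missing = 0;
    if (cap_field(status, field, &mask) != 0) return -1;
    for (size_t i = 0; i < sizeof MAP / sizeof MAP[0]; i++)
        if (!((mask >> MAP[i].bit) & 1)) {
            printf("%s lacks %s (%s)\n", field, MAP[i].cap, MAP[i].solaris);
            missing++;
        }
    return missing;
}

int main(void)
{
    printf("%d mapped capabilities not effective\n", missing_caps(SAMPLE, "CapEff"));
    return 0;
}
```

On a live system the same functions can be fed the contents of /proc/self/status instead of SAMPLE.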