linux-capabilities

I'm wondering if there is any possibility to run Scapy's 'sniff(...)' without root priveleges. It is used in an application, where certain packages are captured. But I don't want to run the whole application with root permissions or change anything on scapy itselfe. Thanks in advance! EDIT: For testing I use following code: from scapy.all import * def arp_monitor_callback(pkt): if ARP in pkt and pkt[ARP].op in (1,2): #who-has or is-at return pkt.sprintf("%ARP.hwsrc% %ARP.psrc%") sniff(prn=arp_monitor_callback, filter="arp", store=0) I'm only able to run it using sudo. I tried to set

I am in a difficult situation where I don't know what linux capabilities a process requires to work. What is the best way, or any way to find out what cap is required? The only thing I can think of right now is using capsh and drop all caps on a process. The process then fails and I start to add caps (by removing --drop=CAP_XZY) until it works. Any better suggestions? Another method, that I've come across a while ago in this blog post by Brendan Gregg is to use capabilities tracer - capable . Below is a sample output: $ sudo /usr/share/bcc/tools/capable TIME UID PID COMM CAP NAME AUDIT 11:31

I want to make system usable without setuid , file "+p" capabilities, and in general without things which are disabled when I set PR_SET_NO_NEW_PRIVS . With this approach ( init sets PR_SET_NO_NEW_PRIVS and filesystem-based capability elevation no longer possible) you cannot "refill" your capabilities and only need to be careful not to "splatter" them. How to execve some other process without "splattering" any granted capabilities (such as if the new program's file is setcap =ei )? Just "I trust this new process as I trust myself". For example, a capability is given to a user (and the user

If I am running a container in privileged mode, does it have all the Kernel capabilities or do I need to add them separately? buddy123 Running in privileged mode indeed gives the container all capabilities. But it is good practice to always give a container the minimum requirements it needs. If you look at Docker docs they also refer to this flag: Full container capabilities (--privileged) The --privileged flag gives all capabilities to the container, and it also lifts all the limitations enforced by the device cgroup controller. In other words, the container can then do almost everything that

I use LD_LIBRARY_PATH to set the path of a certain user library for an application. But if I set capabilities on this application sudo setcap CAP_NET_BIND_SERVICE=eip myapplication then LD_LIBRARY_PATH seems to be ignored. When I launch the program, Linux complains that it cannot find a certain shared library. I guess that there's some kind of protection kicking in, to prevent applications with extended rights from being hijacked. Is there a workaround? As already stated in other answers, this behavior is intended. There is some kind of workaround if you can compile (or at least link) the

There appears to be support for fine-grained capabilities in Linux kernel, which allows granting privileges to a process to do things like, for example, opening raw sockets or raising thread priority without granting the process root privileges. However what I'd like to know if there is a way to grant per-user capabilities. That is, allow non-root and non-suid processes to acquire those capabilities. There's limits.conf, it is possible to restrict some resources for a user or a group through it. Check out man limits.conf It can sort of be done with libcap - it provides a PAM module pam_cap.so.