c - 为什么在这种情况下linux系统调用“capset”失败?
问题描述
我正在尝试在 ubuntu 系统中测试“capset”调用。这是代码:
int cap_mask
cap_header.pid = getpid() ;
cap_header.version = _LINUX_CAPABILITY_VERSION_3;
if( capget(&cap_header, &cap_data) < 0)
{
printf("%s\n", strerror(errno));
exit(EXIT_FAILURE);
}
printf("capheader: %x %d\n", cap_header.version, cap_header.pid);
printf("capdata: %x %x %x\n", cap_data.effective, cap_data.permitted, cap_data.inheritable);
cap_mask |= (1 << CAP_NET_BIND_SERVICE);
cap_data.effective = cap_mask;
cap_data.permitted = cap_mask;
cap_data.inheritable = 0;
if( capset(&cap_header, &cap_data) < 0)
{
printf("%s\n", strerror(errno));
exit(EXIT_FAILURE);
}
printf("%d\n", capget(&cap_header, &cap_data));
printf("capheader: %x %d\n", cap_header.version, cap_header.pid);
printf("capdata: %x %x %x\n", cap_data.effective, cap_data.permitted, cap_data.inheritable);
return 0;
运行二进制文件后,输出为:
capheader: 20080522 24315
capdata: 0 0 0
Operation not permitted
似乎 capset 因错误“不允许操作”而失败,而如果我评论这一行
/*cap_mask | = (1<< CAP_NET_BIND_SERVICE)*/
调用 capset 将成功输出:
capheader: 20080522 24464
capdata: 0 0 0
0
capheader: 20080522 24464
capdata: 0 0 0
你知道为什么 capset 在第一次运行时就失败了吗?