Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to execute a process with CAP_SYS_RESOURCE

Tags:

posix

linux-capabilities

I'm using Linux POSIX mqueue implementation, and I have a problem. For current kernel, the max message size is 1MB, but I need to have no limit.

man mq_overview says that if the process is privileged (a process that has CAP_SYS_RESOURCE capability) it has no limits. I thought that a process executed by root was already privileged, but I'm still getting "message too long" error (my message has 2MB).

How can I add CAP_SYS_RESOURCE capability to the process?

like image 596
Leonardo Alt Avatar asked Sep 18 '10 00:09

Leonardo Alt

People also ask

What is EP capability?

It means effective-set and permitted-set. It means the capabilities will be put in the permitted set ( p ), and all permitted capabilities will be copied into the effective set ( e ).

How do you determine the process capabilities?

Process Capability for Non-Normal Data To calculate the process capability, it is necessary to understand the process data shapes, whether it is normal or non-normal, if it is non-normal data we must see that process is in control or not if it is not in control; then it cannot be predicted for process capability.

What is Cap_setuid?

Where cap_setuid() arranges for the right effective capability to be raised in order to perform the system call, and also arranges to preserve the availability of permitted capabilities after the uid has changed. Following this call all effective capabilities are lowered.

What is CapBnd?

CapBnd: With the bounding set it's possible to restrict the capabilities a process may ever receive. Only capabilities that are present in the bounding set will be allowed in the inheritable and permitted sets. CapAmb: The ambient capability set applies to all non-SUID binaries without file capabilities.

2 Answers

I don't know if it is possible to set it to a running process (I guess not) but you can grant the CAP_SYS_RESOURCE capability to an executable file using # setcap 'CAP_SYS_RESOURCE=+ep' /path/to/executable (as super user). In this example the +ep turns down into raise the CAP_SYS_RESOURCE capibility to be permitted and effective. However the man pages capabilities(7) and setcap(8) are useful sources for further information.

like image 83
coltox Avatar answered Sep 22 '22 18:09

coltox

you can change the ceiling on the maximum message size on this file /proc/sys/fs/mqueue/msgsize_max I hope it works

like image 39
Phuc Vinh Avatar answered Sep 22 '22 18:09

Phuc Vinh
Sign in to Comment

Related questions

POSIX rlimit: What exactly can we assume about RLIMIT_DATA?
Can a correct fail-safe process-shared barrier be implemented on Linux?
Is creating two FILEs for the same file descriptor well-defined?
Why is isascii() deprecated?
How to send Ctrl-C control character or terminal hangup message to child process?
Is the data in siginfo trustworthy?
c++11 use condition variable in signal handler
What does the POSIX standard say about thread stacks in atexit() handlers? What's the OS practice?
revisiting "how do you use aio and epoll together"
how standard specify atomic write to regular file(not pipe or fifo)?
Does Node.js actually use multiple threads underneath?
Handling of '--' in arguments of /bin/sh: POSIX vs implementations by Bash/Dash/FreeBSD's sh
Are posix regcomp and regexec threadsafe? In specific, on GNU libc?
under what conditions are pipe reads atomic?
atoi is a standard function. But itoa is not. Why?
Why can't I break out of this itertools infinite loop?
What is correct way to have single Signal Handler function for multiple Signals?
Rename from a file descriptor?
Running shell script with NSTask causes posix_spawn error
Get directory path by fd

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!