No subject
Tue Mar 17 14:04:44 CDT 2009
I would like to see wine and dosemu using filesystem capabilties to temporarily
grant themselves CAP_SYS_RAWIO during start up to map the memory below
mmap_min_addr, instead of requiring that the entire running system have their
mmap_min_addr lowered.
Implementing this would involve two halves: setting up the filesystem
capabilities when the package installed (postinst most likely), and dropping
the capability once the program had allocated memory.
Here is a quick example of how to mark an executable with a capability:
http://www.friedhoff.org/posixfilecaps.html#Examples%20-%20Substitution%20of%20suid-0%20privilege%20with%20POSIX%20Capabilities%20privilege
They use numeric values, but it may be more readable to use text version:
sudo setcap cap_sys_rawio=ep low-mmap
(setcap is in libcap2-bin)
Part 2 involves dropping the capability:
http://git.0pointer.de/?p=pulseaudio.git;a=blob;f=src/daemon/caps.c;hb=86dee05aec330a0c2886c0327712153793ca46c4
the pa_drop_caps and shows how to drop capabilities, and pa_have_caps shows how
to test for a specific capability. (In the example's case, CAP_SYS_NICE.)
(sorry, lost some context for my setcap paste: "low-mmap" is the program I was
setting capabilities on. "cap_sys_rawio" is the textual version of the
capabilities.)
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list