Welcome to the Linux Foundation Forum!

Exercise 41.2: Exploring apparmor security - issue with SETCAP

Hello,
I have run into an issue that I do not know how to resolve and I do not understand what causes it.

For the labs I am using quite an old laptop - BIOS dated 2010.
OS is UBUNTU 18.04.4 LTS (Bionic Beaver)"
Kernel: 5.3.0-53-generic

Every time I run the command:
****sudo setcap cap_net_raw+ep /bin/ping-test****

I get the following error:
fatal error: Invalid argument
usage: setcap [-q] [-v] (-r|-|) [ ... (-r|-|) ]

** Note must be a regular (non-symlink) file.**

I have checked and the file to which I am trying to assign the capabilities is a regular file
****stat /bin/ping-test
File: /bin/ping-test
Size: 64424 Blocks: 128 IO Block: 4096 regular file
Device: Inode: 916005 Links: 1

I have tried setcap command with other files and the same error is being displayed.

I have googled the issue and even though there are few people reporting this error no solution is provided.
One of the advice I found (dated 2012) was to compile the capabilities into the kernel - however it was not shown how to do it.

I have check ext4 file system and extended attributes are enabled.
I have no idea what else can be checked to make this command work.

I have also tried the same command on a newer machine with the same Ubuntu version and the same kernel.
It has worked seamlessly.

Both machines show that /sbin/setcap comes from libcap2-bin: /sbin/setcap

Could there be any hardware limitation? Any ideas?

Thank you,

Categories

Upcoming Training