Welcome to the Linux Foundation Forum!

Exercise 41.2: Exploring apparmor security - issue with SETCAP

Hello,
I have run into an issue that I do not know how to resolve and I do not understand what causes it.

For the labs I am using quite an old laptop - BIOS dated 2010.
OS is UBUNTU 18.04.4 LTS (Bionic Beaver)"
Kernel: 5.3.0-53-generic

Every time I run the command:
****sudo setcap cap_net_raw+ep /bin/ping-test****

I get the following error:
fatal error: Invalid argument
usage: setcap [-q] [-v] (-r|-|) [ ... (-r|-|) ]

** Note must be a regular (non-symlink) file.**

I have checked and the file to which I am trying to assign the capabilities is a regular file
****stat /bin/ping-test
File: /bin/ping-test
Size: 64424 Blocks: 128 IO Block: 4096 regular file
Device: Inode: 916005 Links: 1

I have tried setcap command with other files and the same error is being displayed.

I have googled the issue and even though there are few people reporting this error no solution is provided.
One of the advice I found (dated 2012) was to compile the capabilities into the kernel - however it was not shown how to do it.

I have check ext4 file system and extended attributes are enabled.
I have no idea what else can be checked to make this command work.

I have also tried the same command on a newer machine with the same Ubuntu version and the same kernel.
It has worked seamlessly.

Both machines show that /sbin/setcap comes from libcap2-bin: /sbin/setcap

Could there be any hardware limitation? Any ideas?

Thank you,

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training