How to add Linux capability for CAP_IPC_OWNER in limits.conf?
-
03-06-2021 - |
Question
I have a /etc/security/limits.conf
file as follows
manu - memlock unlimited
manu - rtprio 100
manu - nice 40
manu - stack unlimited
Now I want the user "manu" to be able to use the shmctl
function requiring CAP_IPC_OWNER
, how should I modify this file to have this capability? Is it possible?
Solution
That's not the place to set a capability. Use the system call capset()
to do that, e.g. you start your process as root, set this capability with capset()
, and then you can change your UID; or you can do that from another process but you need the pid.
An alternative is to use setcap()
to set this as an attribute on your executable, see setcap(8)
.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow