From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 51DEAA0544 for ; Fri, 2 Sep 2022 16:31:58 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D9CDF40693; Fri, 2 Sep 2022 16:31:57 +0200 (CEST) Received: from mail-lj1-f182.google.com (mail-lj1-f182.google.com [209.85.208.182]) by mails.dpdk.org (Postfix) with ESMTP id 7392A40685 for ; Fri, 2 Sep 2022 16:31:56 +0200 (CEST) Received: by mail-lj1-f182.google.com with SMTP id z20so2468895ljq.3 for ; Fri, 02 Sep 2022 07:31:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date; bh=xcwZRPvFxceDHq/syXXP7GZe6og6l0pqcvlVOTlloss=; b=f5j5shOn1z2iO+VGsRnpPRsIS9Z8S6XncGAzGOfVM7d0XkQ8twpI3HUuwyPgQeh0xD 4HI1a8hn3Kr4qZ1e7MnDKRl8EuDOZQU8vthb4mV97iKVhY82bOMwTtSMR/fBpIGHIy+E 4j0VjuASuYAEEaNaIwqRrtP1UuSJSgUutJvKlHur0r47fAmh6FFPkNEzlK+9xPr8Lwto M50wUEX8FrLQ/bcmOikX0erw4zWmswuRPUWkrZiGGYrHwebxkQJw02Qn+1fmeDX8juRo g5fBruloxFS8xA/D9TPuvi6N9eh0xPUh7Bgy6MCrVoj3spbelUlCh9MQBbDVFZPSHDYY 8QTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date; bh=xcwZRPvFxceDHq/syXXP7GZe6og6l0pqcvlVOTlloss=; b=JEbnLkzGvoxnn+05jubWw2QTjdtGfW3Wke9kr6EXbZc/csjwENlkZb3Fczwg5r1Cw6 +JAnLU8mIdaXPpjdYyqqvAzfq36uzdHiVi0i/bL+JG9ZtYPpdEprELa1J8U5u3pho5T6 eYnaANeDKE2OvKMttwmzH3Ot7HhcCEysPPLdImsLwkcAPSNrjDx5gqPGvhZvvt2OE3/j vD6npguX0VGzVEqhDtrOyvL+xj6PeEAC7yxUGdFAurPk9tVd1tDN0LeEGr+9VS1A/rlZ 12fZNL3iz+7/9iAukLtCNZj4ozKf9nvIf3wdBQWRjRoIDQUFY+s1F5gcgxdMBTp4XLgQ Zuiw== X-Gm-Message-State: ACgBeo25LIeJ4CBxT0EAxABZwCv2a7bSwvITxVthCRBzxJ0nV8pz65AU AtsFFHIKayPcKJhBIizC2jE= X-Google-Smtp-Source: AA6agR6N0xpvVP+Hd6iZkSAH14FcCGj9zTH9USeuIay8KfPkbrW5F+AOJbcXdKbMwWLjK3k0YEY79A== X-Received: by 2002:a05:651c:198e:b0:25e:6d28:3a0f with SMTP id bx14-20020a05651c198e00b0025e6d283a0fmr11812445ljb.321.1662129115701; Fri, 02 Sep 2022 07:31:55 -0700 (PDT) Received: from sovereign (broadband-37-110-65-23.ip.moscow.rt.ru. [37.110.65.23]) by smtp.gmail.com with ESMTPSA id j13-20020ac2454d000000b0048d076373d0sm264319lfm.98.2022.09.02.07.31.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Sep 2022 07:31:55 -0700 (PDT) Date: Fri, 2 Sep 2022 17:31:54 +0300 From: Dmitry Kozlyuk To: Boris Ouretskey Cc: users@dpdk.org Subject: Re: Issue setting up the DPDK development with non-privileged user Message-ID: <20220902173154.57f5210c@sovereign> In-Reply-To: <20220901222612.542840fe@sovereign> References: <20220831190158.44dd76de@sovereign> <20220901174259.3a9420ae@sovereign> <20220901222612.542840fe@sovereign> X-Mailer: Claws Mail 3.18.0 (GTK+ 2.24.33; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: users@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK usage discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: users-bounces@dpdk.org 2022-09-01 22:26 (UTC+0300), Dmitry Kozlyuk: > 2022-09-01 17:42 (UTC+0300), Dmitry Kozlyuk: > > Theoretically, one can enumerate all capabilities, give all capabilities > > except one to the binary, try to run it, and notice which capability removal > > leads to a failure. However, `setcap "all=ep $capa-ep" ./binary` > > did not give the correct answer to me (why?), so I did it semi-manually. > > Aha! CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH are not orthogonal: > they both allow bypassing file read permission check. > > I have a working script here: ... Apparently, a better alternative is already out there: https://github.com/iovisor/bcc/blob/master/tools/capable_example.txt