root and capabilities list
Martin Pitt
martin.pitt at ubuntu.com
Tue Oct 14 18:23:37 UTC 2014
Hello ds,
ds [2014-10-14 21:44 +0400]:
> I'm trying to write a widget, which reports intel CPUs power
> consumption. For that, the widget needs access to /dev/cpu/.../msr,
> as well as ability to load kernel modules cpuid and msr.
> I can set CAP_SYS_RAWIO capability to get the access, but the
> problem is that /dev/cpu/.../msr & cpuid files can only be read
> and written by root.
You also need root to initially get those CAP_*, so this is not a real
limitation. So this should work:
- start as root (the widget itself or preferably a small helper
which reads the data from /dev/ and reports it on stdout or D-BUS
or so)
- open /dev/cpu/*
- (if necessary) modprobe stuff
- prctl(PR_SET_KEEPCAPS)
- setgid()/setuid() to drop privileges
- setpcap() to only keep CAP_SYS_RAWIO
Then your process will run as user with only CAP_SYS_RAWIO, and has
open fds to /dev/cpu/* which you can continue to use.
FWIW, I find it pretty pointless that you need a capability to read
from an open fd -- it should suffice to have the capability to open()
the device. The kernel had had the same mis-design with /proc/kmsg for
years which prevented effective privilege dropping in klogd.
Thus ideally you should start as root, open /dev/*, then suid() and
run as normal user without extra privs and can do without the
capability dance.
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
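The "capability dance" from the list above, worked through as an added C example; this is not code from the thread or from Ubuntu, and it assumes Linux with the raw capget/capset syscalls and the v3 capability header (no libcap). The helper names caps_only, has_effective_cap and drop_privs_keep_rawio are hypothetical, and drop_privs_keep_rawio must be called as root after the /dev/cpu/* fds are already open.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Fill a v3 capability set (two 32-bit words) so that only `cap` is present
   in permitted and effective; inheritable stays empty so an execve()d child
   does not get it. */
void caps_only(int cap, struct __user_cap_data_struct data[2])
{
    memset(data, 0, 2 * sizeof data[0]);
    data[cap / 32].permitted = 1u << (cap % 32);
    data[cap / 32].effective = 1u << (cap % 32);
}

/* 1 if `cap` is in the effective set, 0 if not, -errno if capget() fails. */
int has_effective_cap(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    if (syscall(SYS_capget, &hdr, data) < 0)
        return -errno;
    return (data[cap / 32].effective >> (cap % 32)) & 1u;
}

/* Martin's sequence as a hypothetical helper: call as root after the
   /dev/cpu/... fds are open. Returns 0 or -errno; on failure the caller
   should exit, since the process may be left partly dropped. */
int drop_privs_keep_rawio(uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    /* Without this, setuid() away from 0 clears the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) < 0)
        return -errno;
    /* Group first: once the uid is unprivileged, setgid() would fail. */
    if (setgid(gid) < 0 || setuid(uid) < 0)
        return -errno;
    /* The uid change emptied the effective set but kept permitted;
       shrink both to CAP_SYS_RAWIO alone. */
    caps_only(CAP_SYS_RAWIO, data);
    if (syscall(SYS_capset, &hdr, data) < 0)
        return -errno;
    prctl(PR_SET_KEEPCAPS, 0L, 0L, 0L, 0L);   /* flag no longer needed */
    return 0;
}
```

After the call, has_effective_cap(CAP_SYS_RAWIO) should report 1 while other checks such as has_effective_cap(CAP_SYS_ADMIN) report 0, which is a cheap self-test before the helper starts reading the MSR fds.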