On a Linux system, an unprivileged user launches a program. The created process has the capabilities CAP_NET_RAW, CAP_NET_ADMIN with mode effective, permitted, inheritable.

This process then creates a child process by calling fork and execv to invoke another program, udhcpc, but the child process does not inherit the capabilities CAP_NET_RAW, CAP_NET_ADMIN as expected, even though I called prctl(PR_SET_KEEPCAPS, 1) before setting the capabilities.

Any suggestions on what to do to inherit an unprivileged parent process's capabilities upon fork followed by execve?
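
The following added example (not part of the original post) models the capability transformation that capabilities(7) documents for execve() by a non-root caller, applied to the situation in the question: a parent holding CAP_NET_RAW and CAP_NET_ADMIN in its permitted, effective and inheritable sets executes a udhcpc binary that carries no file capabilities. The struct and function names are hypothetical, and the sketch assumes udhcpc has neither file capabilities nor a set-user-ID/set-group-ID bit.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit numbers as defined in <linux/capability.h>. */
#define BIT_NET_ADMIN (1ULL << 12) /* CAP_NET_ADMIN */
#define BIT_NET_RAW   (1ULL << 13) /* CAP_NET_RAW */

/* Hypothetical model types: process and file capability sets as bit masks. */
struct proc_caps { uint64_t permitted, effective, inheritable, ambient, bounding; };
struct file_caps { uint64_t permitted, inheritable; bool effective, set_id; };

/* Capability transformation on execve() per capabilities(7), non-root caller. */
struct proc_caps caps_after_execve(struct proc_caps p, struct file_caps f)
{
    /* A "privileged" file has file capabilities or a set-ID bit. */
    bool privileged = f.set_id || f.permitted || f.inheritable;
    struct proc_caps n = p; /* inheritable and bounding sets are unchanged */

    n.ambient   = privileged ? 0 : p.ambient;
    n.permitted = (p.inheritable & f.inheritable)
                | (f.permitted & p.bounding)
                | n.ambient;
    n.effective = f.effective ? n.permitted : n.ambient;
    return n;
}

/* Constructed scenario: parent has both caps in P, E and I; udhcpc is a plain binary. */
struct proc_caps udhcpc_caps(bool ambient_raised)
{
    uint64_t want = BIT_NET_ADMIN | BIT_NET_RAW;
    struct proc_caps parent = { want, want, want, ambient_raised ? want : 0, ~0ULL };
    struct file_caps plain_binary = { 0, 0, false, false };
    return caps_after_execve(parent, plain_binary);
}

int main(void)
{
    struct proc_caps a = udhcpc_caps(false), b = udhcpc_caps(true);
    printf("ambient empty:  P=%#llx E=%#llx I=%#llx\n",
           (unsigned long long)a.permitted, (unsigned long long)a.effective,
           (unsigned long long)a.inheritable);
    printf("ambient raised: P=%#llx E=%#llx I=%#llx\n",
           (unsigned long long)b.permitted, (unsigned long long)b.effective,
           (unsigned long long)b.inheritable);
    return 0;
}
```

The inheritable set survives execve() but is masked by the file's inheritable set, which is empty for a binary without file capabilities, and PR_SET_KEEPCAPS governs UID changes rather than execve(). On Linux 4.3 and later, a capability that is in both the permitted and inheritable sets can be added to the ambient set with prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0) before calling execve().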