Search results

I figured it out -> CAP_DAC_READ_SEARCH,CAP_DAC_OVERRIDE... static void set_ambient_caps(int *newcaps, int num_elem) { int i; for(i=0; i<num_elem; i++) { if(prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, newcaps, 0, 0)){...

Hi, I have a scenario where a normal user process needs to call docker stats command, which is an elevated (root) call. The idea is to write a simple helper binary that adds the appropriate caps to the inheritable and ambient sets (and then set the caps on the binary from a setup script that...