Linux功能是否适用于binfmt_misc?
[英]Do Linux capabilities work with binfmt_misc?
问题描述
I'm potentially interested in using Linux capabilities for a program (specifically, cap_net_bind_service to allow a program to bind to a TCP port less than 1024). 
我可能有兴趣为程序使用Linux功能(具体来说, cap_net_bind_service允许程序绑定到小于1024的TCP端口)。
However, I'd like to do it for a program that is C# running under Mono. 但是,我想为一个在Mono下运行的C#程序做这件事。 Normally, I think that would mean the Mono interpreter itself would need to have the capabilities set on it, rather than the whatever.exe program that it runs. 通常,我认为这意味着Mono解释器本身需要在其上设置功能,而不是它运行的whatever.exe程序。
However, Linux also can have Mono binary kernel support , via the kernel binfmt_misc mechanism. 但是,Linux也可以通过内核binfmt_misc机制获得Mono二进制内核支持 。
So, does the kernel binfmt_misc mechanism work with capabilities? 那么,内核binfmt_misc机制是否具有功能? That is, so that a particular binfmt_misc-enabled executable file can run with particular capabilities set. 也就是说,特定于binfmt_misc的可执行文件可以使用特定功能集运行。
1 个解决方案
解决方案1
0 2015-05-13 00:33:12
Normally, I think that would mean the Mono interpreter itself would need to have the capabilities set on it[...]
It would take binfmt_misc out of the question if you set capabilities on the process tree in question, rather than on the files. 如果您在有问题的进程树上设置功能而不是在文件上设置功能,那么binfmt_misc将无法解决问题。
See cap_set_proc() , and tooling for manipulating it. 请参阅cap_set_proc()和用于操作它的工具。 For instance, if you were using systemd: 例如,如果您使用的是systemd:
[Service]
ExecStart=/usr/bin/mono /path/to/your/executable.exe
User=your_service_account
Capabilities=CAP_NET_BIND_SERVICE
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.