I want to fork a new process with a particular capability set
(this happens in an init program I'm writing).
The problem is that execve() clears the capability set if the
filesystem doesn't support fs-capabilities, so I can't
make the change before exec.
execcap works around this by sharing a pipe between parent
and child that is close-on-exec, so the parent hangs on a
read from the pipe until it returns (0), *then* sets the
child caps.
This basically works, but is inelegant since the child will
get to run for an undetermined amount of time (until
it blocks, realistically) before the caps are set.
In Real Life, this is OK, since the child will probably block
somewhere in the process of loading its shared libraries,
before it tries to do anything privileged. But this is only a
stochastic assurance. Much better would be to start the
process in a STOPped state, set the caps, then
kill (child, CONT). No way to exec-stop, though.
Any ideas on a decent solution?
-Eric
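For readers who want to see the close-on-exec pipe trick the post describes in working form, here is an added example (not from the post, and not execcap's own source). The parent creates a pipe with both ends marked close-on-exec and blocks on read(); a successful execve() in the child closes the write end, so read() returns 0 at the moment of exec. The example also adds the usual refinement of having the child write its errno down the pipe when exec fails, so the parent can tell "exec'd" from "never exec'd". It assumes Linux with glibc's pipe2(). The point where execcap set the child's capabilities is marked with a comment rather than implemented: on kernels with file-capability support, capset(2) refuses to modify another thread's capabilities, so the step cannot be reproduced there.

```c
/* Exec-detection pipe: the parent learns exactly when the child has exec'd.
 * Added example; not part of the original post or of execcap. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Fork, exec `path` with `argv`, and block until the child has either
 * exec'd (its close-on-exec write end vanished, read() returns 0) or
 * failed to exec (it wrote its errno down the pipe and exited).
 *
 * Returns 0 once the child is running the new image, storing its pid in
 * *out_pid; returns the child's exec errno (> 0) after reaping a child
 * whose exec failed; returns -1 with errno set if pipe2()/fork() failed.
 */
int spawn_and_wait_for_exec(const char *path, char *const argv[], pid_t *out_pid)
{
    int fds[2];
    if (pipe2(fds, O_CLOEXEC) < 0)           /* both ends close-on-exec */
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        int saved = errno;
        close(fds[0]);
        close(fds[1]);
        errno = saved;
        return -1;
    }
    if (pid == 0) {
        /* Child: drop the read end; the write end stays open only until exec. */
        close(fds[0]);
        execv(path, argv);
        /* exec failed: tell the parent why, then exit without atexit handlers. */
        int err = errno;
        ssize_t w;
        do {
            w = write(fds[1], &err, sizeof err);
        } while (w < 0 && errno == EINTR);
        _exit(127);
    }

    /* Parent: keep only the read end and wait for EOF or an errno. */
    close(fds[1]);
    int child_errno = 0;
    ssize_t n;
    do {
        n = read(fds[0], &child_errno, sizeof child_errno);
    } while (n < 0 && errno == EINTR);
    close(fds[0]);

    if (n > 0) {
        /* exec failed; reap the child so it does not linger as a zombie. */
        while (waitpid(pid, NULL, 0) < 0 && errno == EINTR)
            ;
        return n == (ssize_t)sizeof child_errno ? child_errno : EIO;
    }

    /* n == 0: the write end was closed by a successful execve(). The child is
     * already running the new image (the race the post complains about).
     * This is the point at which execcap called capset() on the child; on
     * kernels with file-capability support that call is refused (EPERM). */
    *out_pid = pid;
    return 0;
}

/* Convenience wrapper: returns 0 if `path` exec'd (and reaps it afterwards),
 * otherwise the errno that execv() reported in the child. */
int exec_error_for(const char *path)
{
    char *const argv[] = { (char *)path, NULL };
    pid_t pid;
    int rc = spawn_and_wait_for_exec(path, argv, &pid);
    if (rc != 0)
        return rc < 0 ? errno : rc;
    while (waitpid(pid, NULL, 0) < 0 && errno == EINTR)
        ;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a binary that exists and a path that does not. */
    int ok = exec_error_for("/bin/true");
    int bad = exec_error_for("/nonexistent/no-such-binary");
    printf("/bin/true: %d (%s)\n", ok, strerror(ok));
    printf("missing:   %d (%s)\n", bad, strerror(bad));
    return 0;
}
```

Note what the EOF does and does not tell the parent: read() returning 0 means the child's copy of the write end is gone, which happens on a successful exec but also if the child dies before reaching execve(). The errno byte covers exec failures, but a child killed between fork() and execv() still looks like "exec'd" to the parent, which is why a caller doing anything privileged at that point should also check the child with waitpid().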