I need an executable inside an ext2 loop filesystem to have the CAP_NET_ADMIN (cap_net_admin) file capability set.
If it is possible with debugfs, what exactly would be the commands I would type in?
If not possible with debugfs, is there another tool or way to do this?
This would be equivalent to the libcap command: setcap cap_net_admin+ep {executable}
I need to do this without root and within a Makefile or script.
Found patches that may go into the next version of debugfs which works great!
Especially the ability to dump out to an outfile (ea_get {file} security.capability -f {outfile}) the known security.capability values of a preset file.
Then you use ea_set (ea_set {file} security.capability -f {infile}) to set any other files to the preset capability.
I think you also need to set before you start if it is not there:
feature ext_attr
Patches will require your hands to get dirty, but it starts from: