0

I am trying to grant reboot capability to my appimage using setcap. Using following command on a simple application (all it does is to reboot the machine) works, however it does not work with my actual app's appimage.

Both applications essentially do the same thing for rebooting:

sync();
if(reboot(RB_AUTOBOOT) == -1) {
    // handle errno
}

(In case you want to try the code, include <unistd.h> and <sys/reboot.h>)

Output with minimal test app:

sudo setcap -v cap_sys_boot+ep ./main
./main: OK

Output with appimage:

sudo setcap -v cap_sys_boot+ep ./app.AppImage
./app.AppImage differs in [pe]

Any idea what can I do?

no more sigsegv
  • 468
  • 5
  • 17
  • 1
    When an AppImage is executed it mounts the payload in a RO location and executes the binary there. I assume that the permission given by setcap is not passed to the actual application binary when execve is called. – Alexis May 12 '22 at 21:38
  • Yes, @Alexis. That's what I found out later, when I found a Github issue: `that might be a limitation because the AppImage is mounted using FUSE. Such filesystems are limited, e.g., permission wise (setuid bit cannot be used for instance).` – no more sigsegv May 13 '22 at 05:36

0 Answers0