
Suppose I have a Linux executable which fails to perform some operation with an EPERM (Permission Denied) error code. I can also track the specific API it calls with strace. Suppose also that this is caused because a kernel check fails on a specific user or executable capability which is needed for this operation.

Is it possible to identify, somehow, the exact capability id that failed the check in the kernel and caused the generic EPERM error?

Now, I know that there's a man page for capabilities which describes in general the existing capabilities and how to use them. Still, I wonder if there's a way to automatically expose the capability that has to be added.

The goal, of course, is to create a user or file with the minimum capability set that is sufficient to perform the task.

Marco Bonelli
Boris

0 Answers