Are setcap-changes permanent

setcap

When using setcap for a file, is this change permanent or do I have to invoke setcap somewhere at boot time?

setcap cap_sys_nice fooexecutable

Solution 1:

The setcap on the file stores the capabilities in an extended attribute with a call to setxattr. This extended attribute is stored like other attributes (ownership, rights...) in the filesystem.

Since kernel 2.6.24, the kernel supports associating capability sets with an executable file using setcap(8). The file capability sets are stored in an extended attribute (see setxattr(2)) named security.capability.

So, you don't have to reset your cap on each reboot.

Related

Can I get the classic "run command" window
Does redshift need an active internet connection to work?
How to burn a region free DVD from a DVD movie locked to a specific region?
How to run Ubuntu without GUI in Virtual Box?
Ubuntu shows 'Kubuntu' on boot
How do I open Dolphin in a certain folder from the terminal?
change default printing settings
The fastest way to create a file from a terminal
Bash : colored copy / paste
Can't change shell in EC2 server
How to install cling?
I/O error, dev sda, sector xxxxxxxxxx