From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=eBY/=25=kernelnewbies.org=kernelnewbies-bounces+kernelnewbies=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=3.0 tests=DKIM_ADSP_CUSTOM_MED,
	DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 88305C282DD
	for <kernelnewbies@archiver.kernel.org>; Wed,  8 Jan 2020 22:25:55 +0000 (UTC)
Received: from shelob.surriel.com (shelob.surriel.com [96.67.55.147])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 0FE3720643
	for <kernelnewbies@archiver.kernel.org>; Wed,  8 Jan 2020 22:25:53 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="TBXsEYYX"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0FE3720643
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernelnewbies-bounces+kernelnewbies=archiver.kernel.org@kernelnewbies.org
Received: from localhost ([::1] helo=shelob.surriel.com)
	by shelob.surriel.com with esmtp (Exim 4.92.3)
	(envelope-from <kernelnewbies-bounces+kernelnewbies=archiver.kernel.org@kernelnewbies.org>)
	id 1ipJlw-0003yr-QZ
	for kernelnewbies@archiver.kernel.org; Wed, 08 Jan 2020 17:25:52 -0500
Received: from mail-io1-xd43.google.com ([2607:f8b0:4864:20::d43])
 by shelob.surriel.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
 (Exim 4.92.3) (envelope-from <noloader@gmail.com>)
 id 1ipJkF-0001oU-GD
 for kernelnewbies@kernelnewbies.org; Wed, 08 Jan 2020 17:24:07 -0500
Received: by mail-io1-xd43.google.com with SMTP id c16so4972100ioo.8
 for <kernelnewbies@kernelnewbies.org>; Wed, 08 Jan 2020 14:24:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:reply-to:from:date:message-id
 :subject:to:content-transfer-encoding;
 bh=yt6DDvPrjWgrpbJ0xsXeqMBdRJbq91Fihw2QzugUpE4=;
 b=TBXsEYYXvOH2jqCZehZWgL/1u4gC8bQcaKdcJV8VoH9cdDvdIpDjsoIDOq6gyTg49I
 Vr2owOQa+aHeezZoQWmcjd59F2UnlvMivwEmUidT3oRYfvg4Sl5ayRKunczg5MLL7X45
 PqxnJbCye857kn6rMXA3TB9N0ZWvsdTIRY0jAYR6LPNBHye25NyJMjf2sWO+zkASm7Ju
 YJtXRKyeL7KRnvFHSljhQrkcTYt0o2sahyCN8Fk4Ze24WJpzOHwJONhRz1IjL6NE+jVX
 TjZfhH2EGbkl1GEfTptTD/UD13KoVtOASZBGFP7CWULdLsQ9pETnylHuOc69PSmiFnv9
 GyYg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:reply-to
 :from:date:message-id:subject:to:content-transfer-encoding;
 bh=yt6DDvPrjWgrpbJ0xsXeqMBdRJbq91Fihw2QzugUpE4=;
 b=CedX/Hqyd99uLc5LLLu5tUH7ozz6mNE7b0lqo307m/0P2Tcf4udhBrlk7LbOgr/xiq
 R2auPtfsBL+ZR38sv5YAsrb/zgNv5uYbthLshHNrab5b68OBE/b3wLhXDQocKmTdC4Lr
 otfJiII9aq6cArDOhCfnCI+IKH4pkCNcXOrq/BLwRlgaD2049HvQWKqHK09BfYD4kuBg
 4lSQ6fcPXtUWf/HYywP6E4HmspAmM9UQAU/v4ZYe41j8NB4KuOtcZbXRojqTfymBNGpN
 p1YTEkETfLCv2WCgjFUz+L2NxuxAN2vQ8aHuM+Us2Nf+OAQXLFog1TnHvTjdHn4CWxSd
 vUjg==
X-Gm-Message-State: APjAAAU8qNEU2g5LS4Z3gfkPi94UPMsOBbs3/Yq2SpR2jfLq3ReSXpeP
 gz5CVmz8OWvgVWuo1DNsbFu6HD4wJjDqOge9r6B+mDMTpY0=
X-Google-Smtp-Source: APXvYqyoBrxROHuboCseJnHG4Nz/OlMndan4Mc5ls2S42PPgM85Hmoe+8WGSDh57/sZrpmfedagSIykhNl7ZlXitYb4=
X-Received: by 2002:a02:c906:: with SMTP id t6mr6246626jao.75.1578522245316;
 Wed, 08 Jan 2020 14:24:05 -0800 (PST)
MIME-Version: 1.0
References: <CAH8yC8kg1uoLhddNxjFN=wM8Gg4cz4qS6Sq1KsuD7pK3mgZ3bw@mail.gmail.com>
 <7f477e10-8e55-fd1b-bc89-5399ba90395f@petrovitsch.priv.at>
In-Reply-To: <7f477e10-8e55-fd1b-bc89-5399ba90395f@petrovitsch.priv.at>
From: Jeffrey Walton <noloader@gmail.com>
Date: Wed, 8 Jan 2020 17:23:54 -0500
Message-ID: <CAH8yC8kPb-yXkZ89xktfu67PmTB3JRCF2QY7u1DwtKXM=tHTHA@mail.gmail.com>
Subject: Re: Alternate method of running swapon?
To: kernelnewbies <kernelnewbies@kernelnewbies.org>
X-BeenThere: kernelnewbies@kernelnewbies.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Learn about the Linux kernel <kernelnewbies.kernelnewbies.org>
List-Unsubscribe: <https://lists.kernelnewbies.org/mailman/options/kernelnewbies>, 
 <mailto:kernelnewbies-request@kernelnewbies.org?subject=unsubscribe>
List-Archive: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/>
List-Post: <mailto:kernelnewbies@kernelnewbies.org>
List-Help: <mailto:kernelnewbies-request@kernelnewbies.org?subject=help>
List-Subscribe: <https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies>, 
 <mailto:kernelnewbies-request@kernelnewbies.org?subject=subscribe>
Reply-To: noloader@gmail.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kernelnewbies-bounces+kernelnewbies=archiver.kernel.org@kernelnewbies.org

On Wed, Jan 8, 2020 at 1:26 PM Bernd Petrovitsch
<bernd@petrovitsch.priv.at> wrote:
>
> Hi all!
>
> On 08/01/2020 19:09, Jeffrey Walton wrote:
> [...]
> > I work with an open source project. We have a VM but it is low-end.
> > The machine suffers OOM kills. We don't have access to /etc/fstab.
>
> Apparently you run too many (or too fat) programs;-)
>
> > Everything is an upsell with the VPS provider.
> >
> > I'm trying to setup a swapfile during startup using Systemd but:
> >
> >     # swapon /swapfile
> >     swapon: /swapfile: swapon failed: Operation not permitted
> >
> > This may be useful:
> [... nope ....]
>
> > My question is, is there a way to sidestep the restriction? Is it
> > possible to ask the kernel to use the swapfile without using the
> > command?
>
> The swapon (and swapoff) command basically calls the swapon()
> syscall (and swapoff() syscall, respectively) and their manual
> page say the caller needs CAP_SYS_ADMIN capability which usually
> means being "root".
>
> Does it work in a root-shell?

No, it does not work in a root shell.

The output is capsh is below. The man page for capsh(1) does not tell
me how to interpret it. Does cap_sys_admin under "current" mean I have
it? Or does lack of cap_sys_admin in "bounding" mean I lack it?

Jeff

# capsh --print
Current: = cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_chroot,cap_sys_ptrace,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_setfcap+eip
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_chroot,cap_sys_ptrace,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap
Securebits: 00/0x0/1'b0
 secure-noroot: no (unlocked)
 secure-no-suid-fixup: no (unlocked)
 secure-keep-caps: no (unlocked)
uid=0(root)
gid=0(root)
groups=0(root)

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies