# Can't get or set file capabilities

## ralfeus

Hi everybody

I'm trying to allow one program to create raw sockets. For that I want to set the cap_net_raw capability for that program. But when I try to run setcap or getcap with any parameters I get an error:

```
ralfeus@phoenix ~ $ sudo getcap /bin/bash
Password: 
Failed to get capabilities of file `/bin/bash' (Operation not supported)
```

I have enabled POSIX capabilities in the kernel and re-emerged libcap. But the error is still the same.

I've gone through Google, but didn't find anything like this. What else can be done?

Any help is appreciated.

----------

## mv

Just a wild guess: Have you compiled extended attributes support into your filesystem?

----------

## ralfeus

No :Embarassed: Should I?

----------

## mv

I suppose so, for that is where the capabilities are stored... :Wink:

----------

## ralfeus

It helped :Smile:

Thank you

----------

## mw007

Hello all,

I'm having the same issue as the OP. I have enabled XATTRS for the filesystems I'm using. I have both reiser and ext3, and it doesn't seem to work on either. It does, however, function properly on my workstation at work, which is ext3 on Ubuntu.

Here are the relevant parts of my kernel config:

```
$ zcat /proc/config.gz | grep 'CONFIG_\(EXT3\|REISERFS\)_FS_XATTR'
CONFIG_EXT3_FS_XATTR=y
CONFIG_REISERFS_FS_XATTR=y
```

I've installed libcap, and when trying setcap, I always get the following error:

```
$ setcap cap_net_raw+eip ./my_exe_file
Failed to set capabilities on file `/boot/capabilities_test' (Operation not supported)
usage: setcap [-q] [-v] (-r|-|<caps>) <filename> [ ... (-r|-|<capsN>) <filenameN> ]
 Note <filename> must be a regular (non-symlink) file.
```

The files are owned by root, though I'm not sure that matters entirely.

Any other ideas I should try?

----------

## ralfeus

I guess you also have to have this:

```
CONFIG_EXT3_FS_SECURITY=y
```
```

It didn't work without that.

----------

## mw007

Thank you!!! I did not have that option set. 

I do now, and capabilities are working quite well :Smile:

----------
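The two checks this thread converges on, as an added example that is not from any poster: scan a kernel config for the xattr and security-label options, and read a file's `security.capability` xattr to tell "Operation not supported" apart from "no capabilities set". The helper names and the sample config are constructed; `CONFIG_REISERFS_FS_SECURITY` is a real kernel option but is not quoted in the thread.

```python
import errno
import os
import re
import sys

# Options each filesystem needs before setcap/getcap can store capabilities.
# The ext3 names come from the thread; the ReiserFS security option is assumed
# by analogy with CONFIG_EXT3_FS_SECURITY (it exists in kernels of that era).
REQUIRED = {
    "ext3": ("CONFIG_EXT3_FS_XATTR", "CONFIG_EXT3_FS_SECURITY"),
    "reiserfs": ("CONFIG_REISERFS_FS_XATTR", "CONFIG_REISERFS_FS_SECURITY"),
}

def missing_options(config_text, fs):
    """Return the required options for `fs` that are not built in (=y)."""
    # "# CONFIG_X is not set" lines start with '#', so they never match.
    enabled = set(re.findall(r"^(CONFIG_\w+)=y[ \t]*$", config_text, re.M))
    return [opt for opt in REQUIRED[fs] if opt not in enabled]

def probe_file(path):
    """Classify a read of security.capability, the xattr that holds file caps."""
    try:
        os.getxattr(path, "security.capability")
        return "capabilities set"
    except OSError as exc:
        if exc.errno == errno.ENODATA:
            return "supported, no capabilities set"
        if exc.errno in (errno.ENOTSUP, errno.EOPNOTSUPP):
            # Same errno that getcap/setcap print as "Operation not supported".
            return "security xattrs unsupported on this filesystem"
        raise

# Constructed sample config showing both outcomes: ext3 has XATTR but no
# SECURITY (the state described for ext3 in the thread), reiserfs has both.
SAMPLE_CONFIG = """\
CONFIG_EXT3_FS=y
CONFIG_EXT3_FS_XATTR=y
# CONFIG_EXT3_FS_POSIX_ACL is not set
# CONFIG_EXT3_FS_SECURITY is not set
CONFIG_REISERFS_FS_XATTR=y
CONFIG_REISERFS_FS_SECURITY=y
"""

if __name__ == "__main__":
    for fs in REQUIRED:
        print(fs, "missing:", missing_options(SAMPLE_CONFIG, fs) or "nothing")
    target = sys.argv[1] if len(sys.argv) > 1 else "/bin/bash"
    print(target + ":", probe_file(target))
```

To check a running kernel instead of the sample, pass the decompressed contents of `/proc/config.gz` to `missing_options`.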

