Bug#1093126: systemd-homed: Ambient capabilities of a user are not set

Manuel Traut manuel.traut at mt.com
Wed Jan 15 12:01:38 GMT 2025 

Package: systemd-homed
Version: 257.2-1
Severity: normal

I expected that setting CAP_SYSLOG as AmbientCapability for a user
is enough to allow the usage of dmesg.

root at iris:~# homectl create --capability-ambient-set=CAP_SYSLOG testuser
���� Please enter new password for user testuser: ������������������                  
���� Please enter new password for user testuser (repeat): ������������������                  
root at iris:~# exit
logout

testuser at iris:~$ dmesg
dmesg: read kernel buffer failed: Operation not permitted

The capability is reported properly:

testuser at iris:~$ homectl inspect testuser | grep Cap
Ambient Caps: cap_syslog

But not available in the users shell:

testuser at iris:~$ /usr/sbin/capsh --current
Current: =
Current IAB: 

testuser at iris:~$ ps aux | grep testuser | grep bash
testuser     709  0.0  0.2   5696  4240 pts/1    Ss   11:48   0:00 -bash
testuser     723  0.0  0.0   3452  1736 pts/1    S+   11:51   0:00 grep bash

testuser at iris:~$ cat /proc/709/status | grep Cap
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.6-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd-homed depends on:
ii  init-system-helpers  1.68
ii  libblkid1            2.40.4-1
ii  libc6                2.40-5
ii  libcap2              1:2.66-5+b1
ii  libfdisk1            2.40.4-1
ii  libpam-runtime       1.5.3-7
ii  libpam0g             1.5.3-7+b1
ii  libssl3t64           3.4.0-2
ii  libsystemd-shared    257.2-1
ii  systemd              257.2-1
ii  systemd-userdbd      257.2-1

systemd-homed recommends no packages.

Versions of packages systemd-homed suggests:
ii  libcryptsetup12  2:2.7.5-1
ii  libidn2-0        2.3.7-2+b1
ii  libp11-kit0      0.25.5-3
ii  libtss2-rc0t64   4.1.3-1.2

-- no debconf information

More information about the Pkg-systemd-maintainers mailing list