Reevaluate usage of CAP_SYS_NICE (conflicts with AT_SECURE checks)
If a binary program has set one or more capabilities, new_for_uri()
returns a g_dummy_file()
instead of a g_daemon_file()
. It happens, at least, for "http://" URIs and the "trash:///" URI.
Also, in the same case, using set_attributes_from_info()
fails to set a metadata::
attribute in a file.
I attach an example code that tests these three cases. Compile it with valac --pkg glib-2.0 --pkg gio-2.0 test_gvfs.vala
and run it. It should work fine.
Now set a capability on the binary with sudo setcap cap_sys_nice+ep test_gvfs
; running it again should fail.
Now remove the capabilities on the binary with sudo setcap -r test_gvfs
; it should work again.
Edited by Carlos Garnacho