
I'm playing around with capsh and the cap_dac_read_search capability on an Ubuntu 20.04 machine (kernel version 5.4.0).

In theory the nobody user can read /etc/shadow if I give the cap_dac_read_search capability to the cat process, but it didn't work:

# capsh --caps="cap_setpcap+eip cap_setgid+eip cap_setuid+eip cap_dac_read_search+eip" --addamb=cap_dac_read_search --keep=1 --user=nobody -- -c "cat /etc/shadow"
cat: /etc/shadow: Permission denied

Then I tried something similar with cap_sys_module; somehow the capability is not applied there either:

# capsh --caps="cap_setuid+eip cap_setgid+eip cap_setpcap+eip cap_sys_module+eip" --addamb=cap_sys_module --keep=1 --user=nobody -- -c "modprobe xfs"
modprobe: ERROR: could not insert 'xfs': Operation not permitted

Does anyone know why?

daisy

0 Answers
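Both commands above rely on the ambient set: for a binary without file capabilities (cat, modprobe), the ambient set is the only thing that carries a capability across execve, and per capabilities(7) a capability can only sit in the ambient set if it is also in the process's permitted and inheritable sets. The first thing to check is therefore which sets actually reach the child. The script below is an added diagnostic, not part of the question: it decodes the CapInh/CapPrm/CapEff/CapBnd/CapAmb lines of /proc/<pid>/status and states which set a named capability is missing from. The sample status dumps at the bottom are constructed to show the two outcomes; the capability numbers are the ones a 5.4 kernel defines.

```python
"""Decode a process's capability sets from /proc/<pid>/status.

Run it in place of cat under capsh (python3 must be readable by nobody):
    capsh --caps="cap_setpcap+eip cap_setgid+eip cap_setuid+eip cap_dac_read_search+eip" \
          --addamb=cap_dac_read_search --keep=1 --user=nobody -- -c "python3 showcaps.py cap_dac_read_search"
"""
import sys

# Capability numbers 0..37 from <linux/capability.h>, which is what a 5.4 kernel knows.
CAP_NAMES = [
    "cap_chown", "cap_dac_override", "cap_dac_read_search", "cap_fowner",
    "cap_fsetid", "cap_kill", "cap_setgid", "cap_setuid", "cap_setpcap",
    "cap_linux_immutable", "cap_net_bind_service", "cap_net_broadcast",
    "cap_net_admin", "cap_net_raw", "cap_ipc_lock", "cap_ipc_owner",
    "cap_sys_module", "cap_sys_rawio", "cap_sys_chroot", "cap_sys_ptrace",
    "cap_sys_pacct", "cap_sys_admin", "cap_sys_boot", "cap_sys_nice",
    "cap_sys_resource", "cap_sys_time", "cap_sys_tty_config", "cap_mknod",
    "cap_lease", "cap_audit_write", "cap_audit_control", "cap_setfcap",
    "cap_mac_override", "cap_mac_admin", "cap_syslog", "cap_wake_alarm",
    "cap_block_suspend", "cap_audit_read",
]
SET_KEYS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")


def parse_cap_sets(status_text):
    """Return {set_name: bitmask} for the Cap* lines of a /proc/<pid>/status dump."""
    sets = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key in SET_KEYS:
            sets[key] = int(value.strip(), 16)
    return sets


def decode(mask):
    """List the capability names set in a bitmask (bits the table lacks as cap_<n>)."""
    names, bit = [], 0
    while mask >> bit:
        if (mask >> bit) & 1:
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else "cap_%d" % bit)
        bit += 1
    return names


def diagnose(sets, cap_name):
    """Say which set cap_name is missing from, following the rules in capabilities(7)."""
    bit = 1 << CAP_NAMES.index(cap_name)
    has = {k: bool(sets.get(k, 0) & bit) for k in SET_KEYS}
    if has["CapEff"]:
        return "%s is effective: a denial here is not a capability problem" % cap_name
    if not has["CapBnd"]:
        return "%s is outside the bounding set and cannot be regained" % cap_name
    if has["CapPrm"]:
        return "%s is permitted but not effective: it was dropped from the effective set after exec" % cap_name
    # Not permitted at all: for a binary without file capabilities only the ambient set
    # survives execve, and the ambient set requires permitted + inheritable in the parent.
    return ("%s is not in the permitted set: it was not in the ambient set at execve "
            "(or was cleared when the UIDs changed to non-zero)" % cap_name)


# Constructed sample dumps (not taken from a real machine).
SAMPLE_EXPECTED = "CapInh:\t0000000000000004\nCapPrm:\t0000000000000004\nCapEff:\t0000000000000004\nCapBnd:\t0000003fffffffff\nCapAmb:\t0000000000000004\n"
SAMPLE_DENIED = "CapInh:\t0000000000000000\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\nCapBnd:\t0000003fffffffff\nCapAmb:\t0000000000000000\n"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "cap_dac_read_search"
    with open("/proc/self/status") as fh:
        live = parse_cap_sets(fh.read())
    for key in SET_KEYS:
        print("%s: %s" % (key, ", ".join(decode(live.get(key, 0))) or "(empty)"))
    print(diagnose(live, target))
```

When cat reports "Permission denied", substitute this script for cat in the same capsh invocation: if CapEff comes back empty the capability never survived the exec into the nobody shell, and the fix is on the capsh side (set ordering, ambient set) rather than in cat.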