I had a problem while I was playing around with capabilities.
Basically I have a file "add.sh" which prints the capabilities of the current process.
I add the cap_dac_override=eip capability to the file as the root user, and then I switch to an unprivileged user.
When I check process capabilities, before running add.sh, the process capabilities are:
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 00000000a80425fb
CapAmb: 0000000000000000
The "add.sh" file capabilities are still cap_dac_override=eip.
According to the Linux documentation, once executed, the script "add.sh" should have
P'(permitted) = (P(inheritable) & F(inheritable)) | **(F(permitted) & P(bounding))** | P'(ambient)
so I expected to have
CapPrm: (hex value for cap_dac_override)
Instead I still get
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 00000000a80425fb
CapAmb: 0000000000000000
I would like to ask you where I'm wrong.
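
The execve() transformation quoted above, carried through with the masks from the post, as an added example (not code from the original post). It goes beyond the single formula and also applies the P'(effective) and P'(ambient) rules from capabilities(7); the function names `exec_caps` and `cap_field` are made up for this example, and the file effective flag is modelled as 0 or 1.

```shell
#!/bin/sh
# Added example: model of the execve() capability rules in capabilities(7).
# Masks are hex strings as printed on the Cap* lines of /proc/<pid>/status.

CAP_DAC_OVERRIDE=2   # bit 1 (capability number 1 in linux/capability.h)

# exec_caps P_INH P_BND P_AMB F_INH F_PRM F_EFF
#   P_* : process sets before execve; F_* : file sets applied at execve.
#   F_EFF is the single file effective bit (1 or 0), the "e" in "=eip".
# Prints the process sets after execve in /proc status format.
# The body runs in a subshell so its variables stay local.
exec_caps() (
    p_inh=$((0x$1)); p_bnd=$((0x$2)); p_amb=$((0x$3))
    f_inh=$((0x$4)); f_prm=$((0x$5)); f_eff=$6

    # A file carrying any capability is privileged: the ambient set is cleared.
    if [ $((f_inh | f_prm)) -ne 0 ]; then n_amb=0; else n_amb=$p_amb; fi

    # P'(permitted) = (P(inh) & F(inh)) | (F(prm) & P(bnd)) | P'(ambient)
    n_prm=$(( (p_inh & f_inh) | (f_prm & p_bnd) | n_amb ))

    # P'(effective) = F(effective) ? P'(permitted) : P'(ambient)
    if [ "$f_eff" -ne 0 ]; then n_eff=$n_prm; else n_eff=$n_amb; fi

    printf 'CapInh: %016x\n' "$p_inh"
    printf 'CapPrm: %016x\n' "$n_prm"
    printf 'CapEff: %016x\n' "$n_eff"
    printf 'CapBnd: %016x\n' "$p_bnd"
    printf 'CapAmb: %016x\n' "$n_amb"
)

# cap_field NAME: read status-format text on stdin, print one field's value.
cap_field() { awk -v k="$1:" '$1 == k { print $2 }'; }

# Case 1: file sets are cap_dac_override=eip and the bounding set is the one
# from the post (bit 1 is set in ...25fb), so CapPrm and CapEff become ...0002.
echo "F = cap_dac_override=eip:"
exec_caps 0 00000000a80425fb 0 "$CAP_DAC_OVERRIDE" "$CAP_DAC_OVERRIDE" 1

# Case 2: empty file sets give the all-zero result shown in the post. For a
# "#!" script, execve() loads the interpreter binary, so the F sets come from
# that binary rather than from the script file.
echo "F = empty:"
exec_caps 0 00000000a80425fb 0 0 0 0
```

To compare against a live process, pipe `/proc/self/status` through `cap_field CapPrm` before and after the exec.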