
CAP_NET_ADMIN causes SSL to break in a binary

Posted: 2022-02-23 17:42:46

I am developing a Rust networking application. It downloads a package from gcloud storage (using an https://... URL). Eventually I need the CAP_NET_ADMIN and CAP_NET_RAW capabilities.

Here is my Rust program:

use std::fs::File;
use std::io::{self, Cursor};
use std::path::PathBuf;

use anyhow::Result; // error type assumed: the `?` on both reqwest and io errors needs one
use tar::Archive;

pub fn download_runner_binary(bin_dir: PathBuf) -> Result<()> {
    let uri = "https://example.com/foo.tar";

    // reqwest validates the server certificate against the system trust store here;
    // a non-2xx status is turned into an error instead of being unpacked as a tarball
    let response = reqwest::blocking::get(uri)?.error_for_status()?;

    let tar_path = bin_dir.join("foo.tar");

    // write the whole body to disk
    let mut dest = File::create(&tar_path)?;
    io::copy(&mut Cursor::new(response.bytes()?), &mut dest)?;

    // reopen the file so reading starts from the beginning
    let dest_f = File::open(&tar_path)?;

    // extract the archive into bin_dir
    let mut archive = Archive::new(dest_f);
    archive.unpack(&bin_dir)?;

    Ok(())
}

It compiles fine and I can run it fine. Then I do:

sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' ./target/debug/foo

When I run getcap:

getcap ./target/debug/foo
./target/debug/foo = cap_net_admin,cap_net_raw+eip

At this point, when I run my program:

(base) ➜  wallet git:(s/permissions) ✗ ./target/debug/foo init
Initializing job runner
Error: NetworkError: `error sending request for url (https://example.com/): error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1914: (unable to get local issuer certificate)`

Caused by:
    0: error sending request for url (https://example.com/foo.tar): error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1914: (unable to get local issuer certificate)
    1: error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1914: (unable to get local issuer certificate)
    2: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1914: (unable to get local issuer certificate)
    3: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1914:

And I cannot fetch anything from any SSL URL. As soon as I run setcap -r ./target/debug/foo, everything works fine again.

Then I wrote a small Python script:

#!/usr/bin/env python

import sys
import requests

resp = requests.get('https://example.com/foo.tar')

print(resp.text)

Setting the same capabilities on this script and running ./test.py works without any problem at all.

Am I doing something odd? Is there something wrong with the certificate? Is there something wrong with my local SSL setup?

Any help would be greatly appreciated.
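Added illustration, not part of the question or any answer: a Linux binary that carries file capabilities is started in secure-execution mode (AT_SECURE in the auxiliary vector, the same mode setuid programs get), and in that mode glibc's secure_getenv() returns NULL for every variable; OpenSSL reads SSL_CERT_FILE, SSL_CERT_DIR and OPENSSL_CONF through that call, so a trust store that is configured only through the environment is silently ignored. The program below reports that state for the current process; the variable names are OpenSSL's, the bundle path in demo_ssl_cert_file() is a constructed placeholder, and the code assumes glibc on Linux.

```c
#define _GNU_SOURCE          /* secure_getenv() lives behind this in glibc */
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>

/* Prototypes so the file also builds when <stdlib.h> was already
 * included before _GNU_SOURCE was defined. */
extern char *secure_getenv(const char *name);
extern int setenv(const char *name, const char *value, int overwrite);

/* 1 when the kernel started this process in secure-execution mode.
 * That is the case for setuid/setgid programs and for binaries that
 * carry file capabilities (e.g. after `setcap cap_net_raw+eip`). */
int secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* How a secure-exec-aware library such as OpenSSL sees one variable:
 *   0 = not set, 1 = set and visible, 2 = set but hidden by AT_SECURE. */
int env_status(const char *name)
{
    if (getenv(name) == NULL)
        return 0;
    return secure_getenv(name) != NULL ? 1 : 2;
}

/* Constructed demonstration: point SSL_CERT_FILE at a placeholder bundle
 * (the path does not need to exist) and report how it is seen. */
int demo_ssl_cert_file(void)
{
    setenv("SSL_CERT_FILE", "/tmp/constructed-ca-bundle.pem", 1);
    return env_status("SSL_CERT_FILE");
}

int main(void)
{
    const char *vars[] = { "SSL_CERT_FILE", "SSL_CERT_DIR", "OPENSSL_CONF" };
    const char *label[] = { "unset", "visible", "set but HIDDEN (secure exec)" };

    printf("AT_SECURE = %d\n", secure_exec());
    for (size_t i = 0; i < sizeof vars / sizeof vars[0]; i++)
        printf("%-14s %s\n", vars[i], label[env_status(vars[i])]);
    return 0;
}
```

Run it once plainly and once after `sudo setcap cap_net_raw+eip ./secenv`; the second run reports AT_SECURE = 1 and every set variable as hidden. The Python comparison in the question never exercises this path, because capabilities set on a `#!` script are ignored: the kernel executes the interpreter named in the shebang, which has none.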
