Linux capabilities (setcap) seems to disable LD_LIBRARY_PATH

Lorenzo Pistone · Mar 23, 2012

I use LD_LIBRARY_PATH to set the path of a certain user library for an application. But if I set capabilities on this application

sudo setcap CAP_NET_BIND_SERVICE=eip myapplication

then LD_LIBRARY_PATH seems to be ignored. When I launch the program, Linux complains that it cannot find a certain shared library.

I guess that there's some kind of protection kicking in, to prevent applications with extended rights from being hijacked. Is there a workaround?

Answer

scai · Aug 14, 2012

As already stated in other answers, this behavior is intended. There is some kind of workaround if you can compile (or at least link) the application yourself. Then you can pass -Wl,-rpath <yourDynamicLibraryPath> to gcc or -rpath <yourDynamicLibraryPath> to ld and you won't have to specify LD_LIBRARY_PATH at all on execution.
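A check that goes with the rpath workaround above, as an added example that is not part of the original answer: the kernel marks a process started from a set-uid, set-gid or capability-bearing binary with `AT_SECURE`, which is why the loader drops `LD_LIBRARY_PATH`, so a directory baked in with `-rpath` should be at least as hard to tamper with. The function names, the `/usr/lib` default and the trust policy (root-owned, not group/other-writable, for the directory and every ancestor) are assumptions of this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for realpath() under strict -std= modes */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
#include <sys/stat.h>

/* Nonzero if the kernel started this process in secure-execution mode
 * (set-uid/set-gid or file capabilities); ld.so then drops LD_LIBRARY_PATH. */
int in_secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Policy assumed by this example: the rpath directory and every ancestor
 * must be root-owned and not writable by group or others.
 * Returns 1 if so, 0 otherwise (also when dir cannot be resolved). */
int rpath_dir_is_trusted(const char *dir)
{
    char path[PATH_MAX];
    struct stat st;

    if (realpath(dir, path) == NULL)        /* resolves symlinks and ".." */
        return 0;
    for (;;) {
        if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
            return 0;
        if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)))
            return 0;
        if (strcmp(path, "/") == 0)
            return 1;                       /* reached the root: all passed */
        char *slash = strrchr(path, '/');
        if (slash == path)
            path[1] = '\0';                 /* parent is "/" itself */
        else
            *slash = '\0';                  /* drop the last component */
    }
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/usr/lib";  /* sample default */
    printf("secure-execution mode: %s\n", in_secure_exec() ? "yes" : "no");
    printf("%s: %s\n", dir, rpath_dir_is_trusted(dir) ? "trusted" : "NOT trusted");
    return 0;
}
```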