Re: [systemd-devel] Non-root service with CAP_NET_RAW

Ian Pilcher Wed, 01 Mar 2017 07:26:30 -0800

On 02/28/2017 11:11 PM, Mantas Mikulėnas wrote:

With older kernels you'll have to use the older Capabilities= setting
*and* set file capabilities (setcap) on the executable itself.


(Well, depending on what file caps you set you might not even need any
systemd settings at all... See e.g. "getcap /sbin/ping" as a fully
standalone example, iirc it uses "cap_foo=eip" for this.)


Yup.  cap_net_raw+ep seems to work by itself.

Thanks!

--
========================================================================
Ian Pilcher                                         arequip...@gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Non-root service with CAP_NET_RAW

Reply via email to