[systemd-devel] Non-root service with CAP_NET_RAW

Ian Pilcher arequipeno at gmail.com
Wed Mar 1 15:12:50 UTC 2017


On 02/28/2017 11:11 PM, Mantas Mikulėnas wrote:
> With older kernels you'll have to use the older Capabilities= setting
> *and* set file capabilities (setcap) on the executable itself.
>
> (Well, depending on what file caps you set you might not even need any
> systemd settings at all... See e.g. "getcap /sbin/ping" as a fully
> standalone example, iirc it uses "cap_foo=eip" for this.)

Yup.  cap_net_raw+ep seems to work by itself.

Thanks!

-- 
========================================================================
Ian Pilcher                                         arequipeno at gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
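
Added example, not part of the original messages: a check that a running service ended up as the thread intends, non-root with CAP_NET_RAW and nothing else in its effective set. It decodes the `Uid:` and `CapEff:` lines of `/proc/<pid>/status`; the function name `classify_status` and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example. CAP_NET_RAW is capability number 13 in <linux/capability.h>.
CAP_NET_RAW_BIT=13

# classify_status TEXT: inspect the text of /proc/<pid>/status and print
#   ok          non-root, effective set is exactly CAP_NET_RAW
#   root        effective UID is 0, so capabilities are not what limits it
#   missing     CAP_NET_RAW is not in the effective set
#   excess      CAP_NET_RAW is present along with other capabilities
#   unparsable  Uid or CapEff line absent or malformed
classify_status() (
    # Uid: real effective saved fs  -> field 3 is the effective UID
    euid=$(printf '%s\n' "$1" | awk '$1 == "Uid:" { print $3; exit }')
    eff=$(printf '%s\n' "$1" | awk '$1 == "CapEff:" { print $2; exit }')
    # Accept only decimal UIDs and hex masks before doing arithmetic on them.
    case "$euid" in ''|*[!0-9]*) echo unparsable; exit 0 ;; esac
    case "$eff" in ''|*[!0-9a-fA-F]*) echo unparsable; exit 0 ;; esac
    mask=$(( 0x$eff ))
    want=$(( 1 << CAP_NET_RAW_BIT ))
    if [ "$euid" -eq 0 ]; then echo root
    elif [ $(( mask & want )) -eq 0 ]; then echo missing
    elif [ "$mask" -ne "$want" ]; then echo excess
    else echo ok
    fi
)

# Constructed samples (not captured from a real host).
SAMPLE_OK='Name:   rawsvc
Uid:    990     990     990     990
CapPrm: 0000000000002000
CapEff: 0000000000002000'
SAMPLE_EXCESS='Name:   rawsvc
Uid:    990     990     990     990
CapEff: 0000000000003000'
SAMPLE_ROOT='Name:   rawsvc
Uid:    0       0       0       0
CapEff: 0000003fffffffff'

for s in "$SAMPLE_OK" "$SAMPLE_EXCESS" "$SAMPLE_ROOT"; do
    classify_status "$s"
done
```

On a live host, pass the real file contents, for example `classify_status "$(cat /proc/$pid/status)"`, where `$pid` is the service's main PID.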


