Granting a capability to a service
Florian Weimer
fweimer at redhat.com
Mon Jul 20 13:25:46 UTC 2015
On 07/20/2015 02:34 PM, Zbigniew Jędrzejewski-Szmek wrote:
> On Sat, Jul 18, 2015 at 10:42:43AM +0200, Florian Weimer wrote:
>> Let's assume I want to start a service as an ordinary user, but allow to
>> bind it to a privileged port. The program implementing the service does
>> not manipulate capabilities in any way.
> socket activation would be a much simpler and more secure alternative ;)
True. :)
A more generic approach which applies to other capabilities as well
would be nice, though.
--
Florian Weimer / Red Hat Product Security
More information about the devel
mailing list