Granting a capability to a service

Florian Weimer fweimer at
Mon Jul 20 13:25:46 UTC 2015

On 07/20/2015 02:34 PM, Zbigniew Jędrzejewski-Szmek wrote:
> On Sat, Jul 18, 2015 at 10:42:43AM +0200, Florian Weimer wrote:
>> Let's assume I want to start a service as an ordinary user, but allow to
>> bind it to a privileged port.  The program implementing the service does
>> not manipulate capabilities in any way.

> socket activation would be a much simpler and more secure alternative ;)

True. :)

A more generic approach which applies to other capabilities as well
would be nice, though.

Florian Weimer / Red Hat Product Security

More information about the devel mailing list