Granting a capability to a service

Andrew Lutomirski luto at mit.edu
Wed Jul 22 20:28:19 UTC 2015


On Wed, Jul 22, 2015 at 1:25 PM, Lennart Poettering
<mzerqung at 0pointer.de> wrote:
> On Mon, 20.07.15 13:20, Florian Weimer (fweimer at redhat.com) wrote:
>
>> (d) Change the Go program to optionally drop capabilities and switch the
>> user.  Do not use fscaps, and keep running it as full root initially.
>> This is the cleanest approach and what other services use, but I don't
>> think Go currently supports switching credentials in all threads in the
>> process.
>
> Note that caps are weird on Linux. AFAIR they actually apply to
> all kinds of tasks, including threads, not just processes. IIRC Go
> does not give you control when exactly it creates threads, no? This
> makes it difficult to drops caps sanely if you want to ensure they are
> dropped in all threads at the same time, and not just in whatever
> thread was the one started first...

The alternative would be worse.  For example, the effective mask would
be nonsense if were shared between threads.

--Andy


More information about the devel mailing list