On Mon, Nov 16, 2015 at 09:00:28PM +0100, Damjan Georgievski wrote:
> >> What's the policy about capabilities for executables in Arch packages?
> >
> > I _guess_ that capabilities are used to avoid SUID binaries when this is
> > secure.
>
> well, also, unless you set capabilities on the executable
>> What's the policy about capabilities for executables in Arch packages?
>
> I _guess_ that capabilities are used to avoid SUID binaries when this is
> secure.
well, also, unless you set capabilities on the executable a process
can't have capabilities when a non-root process execs the executable
On Mon, Nov 16, 2015 at 07:51:30PM +0100, Damjan Georgievski wrote:
> What's the policy about capabilities for executables in Arch packages?
I _guess_ that capabilities are used to avoid SUID binaries when this is
secure.
> I'm asking since in my setup I'm running wpa_supplicant as the
> 'nobody'
What's the policy about capabilities for executables in Arch packages?
I'm asking since in my setup I'm running wpa_supplicant as the
'nobody' user, but I let it keep the NET_ADMIN and NET_RAW
capabilities (excerpt from the .service file):
User=nobody
SupplementaryGroups=rfkill
CapabilityBounding
4 matches
Mail list logo
