[Pkg-swan-devel] Add support dropping capabilities
Yves-Alexis Perez
corsac at debian.org
Wed May 15 15:18:44 BST 2019
On Wed, 2019-05-15 at 08:02 +0000, xalloc wrote:
> Hello,
>
> would you guys please compile Strongswan to support dropping capabilities,
> so the base Debian/Ubuntu package can be run unprivileged by default?
> These are the details I'm speaking about, first section:
> https://wiki.strongswan.org/projects/strongswan/wiki/ReducedPrivileges
>
Capabilities dropping should be enabled, see
https://sources.debian.org/src/strongswan/5.7.2-1/debian/rules/#L70
If that doesn't work, could you please open a bug? It seems to work just fine
for me:
getpcaps $(pidof charon)
Capabilities for `2446': = cap_dac_override,cap_net_admin,cap_net_raw,cap_audit_write+eip
Regards,
--
Yves-Alexis
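
Added example, not part of the original message or of the Debian or strongSwan code: a POSIX shell check that decodes the CapEff mask from /proc/<pid>/status and reports anything beyond the four capabilities shown in the getpcaps output above. The function names and the sample masks in the comments are constructed for illustration; the bit order follows linux/capability.h.

```shell
#!/bin/sh
# Capability names in bit order (bit 0 first), as in linux/capability.h.
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm
block_suspend audit_read perfmon bpf checkpoint_restore"

# The set reported for charon in the reply above.
EXPECTED="cap_dac_override cap_net_admin cap_net_raw cap_audit_write"

# decode_caps HEXMASK -> space-separated cap_* names set in the mask.
# Constructed sample: 0000000020003002 decodes to exactly EXPECTED.
decode_caps() {
    mask=$(( 0x$1 ))
    bit=0
    out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            out="${out:+$out }cap_$name"
        fi
        bit=$((bit + 1))
    done
    printf '%s\n' "$out"
}

# unexpected_caps HEXMASK -> names present in the mask but not in EXPECTED.
# Constructed sample: 0000003fffffffff (nothing dropped, 38 capabilities).
unexpected_caps() {
    extra=""
    for cap in $(decode_caps "$1"); do
        case " $EXPECTED " in
            *" $cap "*) ;;
            *) extra="${extra:+$extra }$cap" ;;
        esac
    done
    printf '%s\n' "$extra"
}

# check_pid PID -> 0 if the effective set holds nothing beyond EXPECTED,
# 1 if it holds extra capabilities, 2 if the mask could not be read.
check_pid() {
    hex=$(awk '/^CapEff:/ {print $2}' "/proc/$1/status") || return 2
    [ -n "$hex" ] || return 2
    found=$(unexpected_caps "$hex")
    [ -z "$found" ] && return 0
    echo "pid $1 holds unexpected capabilities: $found" >&2
    return 1
}
```

Run it as check_pid "$(pidof charon)". CapEff is only the effective set; the "+eip" in the getpcaps output also covers the inheritable and permitted sets, which appear as CapInh and CapPrm in the same file.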