[Pkg-swan-devel] Add support dropping capabilities

xalloc xalloc at protonmail.com
Tue May 21 15:02:08 BST 2019


Thank you,
I was wrong, that capability was actually enabled. The problem was Ubuntu AppArmor, so I disabled that module.

Regards


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday 15 May 2019 16:18, Yves-Alexis Perez <corsac at debian.org> wrote:

> On Wed, 2019-05-15 at 08:02 +0000, xalloc wrote:
>
> > Hello,
> > would you guys please compile strongSwan to support dropping capabilities,
> > so the base Debian/Ubuntu package can be run unprivileged by default?
> > These are the details I'm speaking about, first section:
> > https://wiki.strongswan.org/projects/strongswan/wiki/ReducedPrivileges
>
> Capabilities dropping should be enabled, see
> https://sources.debian.org/src/strongswan/5.7.2-1/debian/rules/#L70
>
> If that doesn't work, could you please open a bug? It seems to work just fine
> for me:
>
> getpcaps $(pidof charon)
> Capabilities for `2446': = cap_dac_override,cap_net_admin,cap_net_raw,cap_audit_write+eip
>
> Regards,
>
> Yves-Alexis




