Add capabilities to allow running as non-root
Task Info (Flyspray) | |
---|---|
Opened By | - (matoro) |
Task ID | 76215 |
Type | Feature Request |
Project | Community Packages |
Category | Packages |
Version | None |
OS | All |
Opened | 2022-10-15 17:33:59 UTC |
Status | Assigned |
Assignee | Konstantin Gizdov (kgizdov) |
Details
Description: The kea documentation suggests using the following capabilities on the /usr/bin/kea-dhcp{4,6} binaries in order to allow them to run without root privileges:
    setcap 'cap_net_bind_service,cap_net_raw=+ep' /opt/kea/sbin/kea-dhcp4
    setcap 'cap_net_bind_service=+ep' /opt/kea/sbin/kea-dhcp6
I'm currently accomplishing this with the following pacman hook:
    [Trigger]
    Operation = Install
    Operation = Upgrade
    Type = Package
    Target = kea

    [Action]
    Description = Grant capabilities
    Depends = libcap
    When = PostTransaction
    Exec = /usr/bin/env bash -c "/usr/bin/setcap 'cap_net_bind_service,cap_net_raw=+ep' /usr/bin/kea-dhcp4 && /usr/bin/setcap 'cap_net_bind_service=+ep' /usr/bin/kea-dhcp6"
Would appreciate if this were added to the official package in order to help increase security by reducing the number of daemons running as root which don't need to be!
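An added example, not part of the original task or the Arch package: a POSIX shell check that compares `getcap` output for the two binaries against the capability sets in the hook above, so a lost or widened set is noticed after an upgrade. The function names and the sample `getcap` line are constructed for illustration, and the two `getcap` output styles it accepts (`path = caps+ep` and `path caps=ep`) are assumptions about the installed libcap.

```shell
#!/bin/sh
# Added example: audit getcap output against the sets quoted in the task.
# Policy ("path caps") taken from the setcap lines in the pacman hook.
POLICY='/usr/bin/kea-dhcp4 cap_net_bind_service,cap_net_raw
/usr/bin/kea-dhcp6 cap_net_bind_service'

# Reduce one getcap line to "sorted,caps flags".
# Accepts "path = caps+ep" (older libcap) and "path caps=ep" (newer libcap).
# Assumes paths without spaces. Multi-clause or empty specs become
# "UNPARSED" so they can never match the policy.
normalize() {
    rest=${1#* }        # drop the path
    rest=${rest#= }     # drop the old-style "= " separator
    case $rest in
        ''|*' '*) echo UNPARSED; return 0 ;;
    esac
    caps=$(printf '%s\n' "${rest%%[+=]*}" | tr ',' '\n' | sort | paste -sd, -)
    printf '%s %s\n' "$caps" "${rest##*[+=]}"
}

# Read getcap output on stdin and print one verdict per policy entry.
# Returns 0 only if each binary has exactly its expected set, flags "ep".
audit() {
    observed=$(cat)
    status=0
    while read -r bin want; do
        line=$(printf '%s\n' "$observed" | awk -v p="$bin" '$1 == p { print; exit }')
        if [ -z "$line" ]; then
            echo "MISSING  $bin (no file capabilities)"; status=1
        elif [ "$(normalize "$line")" = "$want ep" ]; then
            echo "OK       $bin"
        else
            echo "MISMATCH $bin: got '$(normalize "$line")', want '$want ep'"; status=1
        fi
    done <<EOF
$POLICY
EOF
    return $status
}

# Constructed sample: kea-dhcp4 has no capabilities (getcap prints nothing
# for it) and kea-dhcp6 carries more than the policy allows.
SAMPLE_DRIFT='/usr/bin/kea-dhcp6 cap_net_bind_service,cap_net_raw=ep'
printf '%s\n' "$SAMPLE_DRIFT" | audit || echo "capability drift detected"

# Live use: getcap /usr/bin/kea-dhcp4 /usr/bin/kea-dhcp6 | audit
```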