bug#64862: [feature request] [shepherd] Specifying POSIX capabilities on

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#64862: [feature request] [shepherd] Specifying POSIX capabilities on

From:	Maxim Cournoyer
Subject:	bug#64862: [feature request] [shepherd] Specifying POSIX capabilities on services
Date:	Tue, 12 Nov 2024 15:08:29 +0900
User-agent:	Gnus/5.13 (Gnus v5.13)

Hello,

Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:

> Hello,
>
> It'd be useful to be able to specify POSIX capabilities a Shepherd
> service should have, for example for an unprivileged process to be able
> to bind to ports lower than 1024.
>
> This came up while reviewing #63082, which patch 10/16 (now dropped
> because of loss of functionality) suggested to let the user/group change
> be effected by Shepherd instead of by MPD itself (see:
> https://issues.guix.gnu.org/63082#98).
>
> I know that NixOS has some mechanism to do that; I think it was a simple
> shell script wrapper setting the capabilities, but that's all I
> remember.

I believe that's now possible since commit 71f0676a29 ("privilege: Add
POSIX capabilities(7) support.").  Thank you, Tobias!

Closing.

-- 
Thanks,
Maxim

[Prev in Thread]

Current Thread

[Next in Thread]

bug#64862: [feature request] [shepherd] Specifying POSIX capabilities on services, Maxim Cournoyer <=

Prev by Date: bug#63276: Allow channels to depend on a past Guix revision / private dependencies
Next by Date: bug#45885: [core-updates] libpng 1.6.37 non-deterministic test failure
Previous by thread: bug#63276: Allow channels to depend on a past Guix revision / private dependencies
Next by thread: bug#45885: [core-updates] libpng 1.6.37 non-deterministic test failure
Index(es):
- Date
- Thread