How to do setcap on existing package? #5232
-
|
I'm running an rpm-ostree based system and I'm setting up an application that requires the cap_net_admin permission for me to run it as a non-root user. The developer did not set that permission, expecting the application to run as root, although it does run just fine on mutable systems with cap_net_admin set. What would be the best way to set capabilities on rpm-ostree systems? The only discussion I can find is here: #5036, but that assumes that the package maintainer is wanting to make the change rather than an end user. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Wound up finding an alternative method - since I was running the binary as a systemd service I was able to get it up and running using AmbientCapabilities=CAP_NET_ADMIN |
Beta Was this translation helpful? Give feedback.
Wound up finding an alternative method - since I was running the binary as a systemd service I was able to get it up and running using AmbientCapabilities=CAP_NET_ADMIN
If it's OK I'll leave this here - it might save someone else a headache in the future if they're trying to do setcap on an immutable system.