Propagate capabilities to child process #179

Status: Open (5 commits, base: master)

ewildgoose

This is not ready to commit, but just an idea I wanted to share.

Capabilities aren't shared with processes started via execve, unless you specifically manipulate the inherited capabilities before and then request the ambient capabilities to be raised.

The motivation is that it's sometimes useful to be able to have Erlang run commands with elevated capabilities, rather than jumping through sudo (one reason for this is that sudo is quite slow on my platform, adding around 30ms to every call, which for multiple calls is unreasonably slow). An example might be calling "ipset"; normally this requires root permissions, but can be run as a non priv user if given cap_net_admin capabilities.

So on my embedded box I am marking the erlexec binary with appropriate capabilities, and these can then be passed to the binary we want to run.

I suspect to complete this you might want to make the inheritance of the capabilities optional?

Note also, I think, but haven't tested, that this will work as expected with change in effective UID? There are some pitfalls though as capabilities get dropped when changing uid, so I might need to split the code and read the caps before changing uid? Unsure?

However, what's your opinion? Is this useful upstream?
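
The two steps described in this post (add the capability to the inheritable set, then raise it as ambient before execve), as an added example that is not code from this PR or from erlexec. It uses raw Linux syscalls rather than libcap, and the function names and the `ipset list` invocation are assumptions for illustration.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Make `cap` survive execve() of a program that has no file capabilities.
 * Returns 0 on success, -1 if `cap` is invalid or not in the caller's
 * permitted set, -2 if the kernel rejects a step. */
int raise_ambient_cap(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3] = {{0}};

    if (cap < 0 || cap > CAP_LAST_CAP)
        return -1;
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -2;
    if (!(data[CAP_TO_INDEX(cap)].permitted & CAP_TO_MASK(cap)))
        return -1; /* e.g. the launcher binary was never given this cap */

    /* Step 1: a capability can only become ambient if it is both
     * permitted and inheritable, so add it to the inheritable set. */
    data[CAP_TO_INDEX(cap)].inheritable |= CAP_TO_MASK(cap);
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -2;

    /* Step 2: raise it in the ambient set, which execve() preserves. */
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)cap, 0UL, 0UL) != 0)
        return -2;
    return 0;
}

/* 1 if `cap` is currently in the ambient set, else 0. */
int ambient_cap_is_set(int cap)
{
    return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, (unsigned long)cap, 0UL, 0UL) == 1;
}

int main(void)
{
    /* Assumed setup: this binary carries cap_net_admin in its permitted set. */
    if (raise_ambient_cap(CAP_NET_ADMIN) != 0) {
        fprintf(stderr, "cannot pass CAP_NET_ADMIN to child\n");
        return 1;
    }
    execlp("ipset", "ipset", "list", (char *)NULL);
    perror("execlp");
    return 1;
}
```

Refusing to continue when the capability is not in the permitted set keeps the launcher from silently running the child unprivileged, and raising only the named capability keeps the child's privileges as narrow as the command needs.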

saleyn (Owner) commented Aug 29, 2024

This is a good idea, but I would like to have the inheritance optional. I.e. introduce an option:
{capabilities, all | [capability()]}
where capability() would name the capabilities you'd like inherited, and all would inherit all that are granted to the parent.

Also please add test cases, and update the README.md with an example.

ewildgoose (Author) commented Aug 30, 2024

Thanks for the encouragement!

I'm really an Elixir developer, I'll ponder the changes needed to the Erlang side, but I suspect I will need help to make this happen. I'm happy for you to close this if you have no interest to run with it? I think I was proposing it as a proof of concept to see if you would volunteer to adopt it.

Thanks for the interest anyway!

saleyn (Owner) commented Sep 1, 2024

I'm happy to provide some guidance, though have very limited time. I fixed your PR by adding error handling.

saleyn (Owner) commented Sep 2, 2024

I did some enhancements by adding the ability to pass capabilities to the child process. What's left is to add the ability to set capabilities on the exec-port (i.e. pass the desired inheritable capabilities to the exec-port executable, so that child processes could set them).

saleyn (Owner) commented Sep 4, 2024

@ewildgoose, if you have time to implement passing the capabilities to exec-port that it should set on startup, and test the functionality I added, that would be great. I am going to be pretty busy for the next few weeks, and may not get to it soon.
