GNU bug report logs - #64862
[feature request] [shepherd] Specifying POSIX capabilities on services


Package: guix

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Tue, 25 Jul 2023 21:05:01 UTC

Severity: wishlist

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#64862: closed ([feature request] [shepherd] Specifying POSIX
 capabilities on services)
Date: Tue, 12 Nov 2024 06:10:02 +0000
[Message part 1 (text/plain, inline)]
Your message dated Tue, 12 Nov 2024 15:08:29 +0900
with message-id <87y11p6l2a.fsf <at> gmail.com>
and subject line Re: bug#64862: [feature request] [shepherd] Specifying POSIX capabilities on services
has caused the debbugs.gnu.org bug report #64862,
regarding [feature request] [shepherd] Specifying POSIX capabilities on services
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
64862: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=64862
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: bug-guix <bug-guix <at> gnu.org>
Subject: [feature request] [shepherd] Specifying POSIX capabilities on services
Date: Tue, 25 Jul 2023 17:04:26 -0400
Hello,

It'd be useful to be able to specify POSIX capabilities a Shepherd
service should have, for example for an unprivileged process to be able
to bind to ports lower than 1024.

This came up while reviewing #63082, which patch 10/16 (now dropped
because of loss of functionality) suggested to let the user/group change
be effected by Shepherd instead of by MPD itself (see:
https://issues.guix.gnu.org/63082#98).

I know that NixOS has some mechanism to do that; I think it was a simple
shell script wrapper setting the capabilities, but that's all I
remember.

-- 
Thanks,
Maxim


[Message part 3 (message/rfc822, inline)]
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: 64862-done <at> debbugs.gnu.org
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>
Subject: Re: bug#64862: [feature request] [shepherd] Specifying POSIX
 capabilities on services
Date: Tue, 12 Nov 2024 15:08:29 +0900
Hello,

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:

> Hello,
>
> It'd be useful to be able to specify POSIX capabilities a Shepherd
> service should have, for example for an unprivileged process to be able
> to bind to ports lower than 1024.
>
> This came up while reviewing #63082, which patch 10/16 (now dropped
> because of loss of functionality) suggested to let the user/group change
> be effected by Shepherd instead of by MPD itself (see:
> https://issues.guix.gnu.org/63082#98).
>
> I know that NixOS has some mechanism to do that; I think it was a simple
> shell script wrapper setting the capabilities, but that's all I
> remember.

I believe that's now possible since commit 71f0676a29 ("privilege: Add
POSIX capabilities(7) support.").  Thank you, Tobias!

Closing.

-- 
Thanks,
Maxim


This bug report was last modified 241 days ago.
