
Re: thoughts about freeradius package (especially dhcp)




kjonca@xxxxxxxxxxxxxx (Kamil Jońca) writes:

> Hm. I tried to add

> AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE

> and take off capabilities from file but without success (i.e. service
> does not start)
> Should I do something else?

Does it produce any useful error messages?  Maybe this doesn't work the
way that I thought it did.  The active capabilities are the effective
ones, but ambient becomes effective after execve, so I would have expected
them to be in place for the process once systemd execs it.

-- 
Russ Allbery (rra@xxxxxxxxxx)               <http://www.eyrie.org/~eagle/>
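
An added example, not part of the original message: one way to check which capability sets of a running process contain the three capabilities named above is to decode the Cap* lines of /proc/<pid>/status. The function names and both sample status texts are constructed for illustration; the bit numbers are those in <linux/capability.h>.

```python
import re
import sys

# Bit numbers from <linux/capability.h>.
WANTED = {"CAP_NET_BIND_SERVICE": 10, "CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13}
SETS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")
CAP_LINE = re.compile(r"(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$")


def parse_cap_sets(status_text):
    """Return {set name: bitmask} from the text of /proc/<pid>/status."""
    sets = {}
    for line in status_text.splitlines():
        m = CAP_LINE.match(line)
        if m:
            sets[m.group(1)] = int(m.group(2), 16)
    missing = [s for s in SETS if s not in sets]
    if missing:  # e.g. a kernel too old to report CapAmb
        raise ValueError("status text lacks " + ", ".join(missing))
    return sets


def report(status_text, wanted=WANTED):
    """Map each wanted capability to the sets that contain it."""
    sets = parse_cap_sets(status_text)
    return {name: [s for s in SETS if (sets[s] >> bit) & 1]
            for name, bit in wanted.items()}


def missing_effective(status_text, wanted=WANTED):
    """Names of wanted capabilities that are not in the effective set."""
    return sorted(n for n, s in report(status_text, wanted).items()
                  if "CapEff" not in s)


# Constructed sample: ambient set applied, all three bits (0x3400) effective.
SAMPLE_OK = """Name:\texample
CapInh:\t0000000000003400
CapPrm:\t0000000000003400
CapEff:\t0000000000003400
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000003400
"""
# Constructed sample: nothing was passed on; only the bounding set has the bits.
SAMPLE_BAD = SAMPLE_OK.replace("0000000000003400", "0000000000000000")

if __name__ == "__main__":
    # With a PID argument read the live process, otherwise show the sample.
    text = open(f"/proc/{sys.argv[1]}/status").read() if len(sys.argv) > 1 else SAMPLE_OK
    for name, present in report(text).items():
        print(f"{name:22} {' '.join(present) or '(in no set)'}")
```

Run with the service's main PID as the only argument; a capability listed under CapAmb and CapEff has been carried across the exec.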