Hello, Maxim Cournoyer <maxim.courno...@gmail.com> writes:
> Hello, > > It'd be useful to be able to specify POSIX capabilities a Shepherd > service should have, for example for an unprivileged process to be able > to bind to ports lower than 1024. > > This came up while reviewing #63082, which patch 10/16 (now dropped > because of loss of functionality) suggested to let the user/group change > be effected by Shepherd instead of by MPD itself (see: > https://issues.guix.gnu.org/63082#98). > > I know that NixOS has some mechanism to do that; I think it was a simple > shell script wrapper setting the capabilities, but that's all I > remember. I believe that's now possible since commit 71f0676a29 ("privilege: Add POSIX capabilities(7) support."). Thank you, Tobias! Closing. -- Thanks, Maxim
