CAP_NET_ADMIN

Mathew Heard Wed, 12 Oct 2016 03:02:20 -0700

Hi All,

I am stuck trying to get my nginx service which is launched via
SystemD to give CAP_NET_ADMIN to its workers (required for
IP_TRANSPARENT).


I have tried /etc/security/capability.conf & setcap. SystemD has the
permission whitelisted:

CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
CAP_SYS_RESOURCE CAP_SETGID CAP_SETUID
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
CAP_SYS_RESOURCE CAP_SETGID CAP_SETUID

Any advice?

Regards,
Mathew

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

CAP_NET_ADMIN

Reply via email to