> OpenWrt has procd-ujail, to set capabilities with it:
> https://github.com/openwrt/openwrt/blob/master/package/utils/busybox/files/sysntpd#L80
> https://github.com/openwrt/openwrt/blob/master/package/utils/busybox/files/ntpd.capabilities

Thanks Etienne for the pointers and letting us know that jailing needs to be enabled for capabilities to work.

Thanks,
Ravi

-----Original Message-----
From: Etienne Champetier <champetier.etie...@gmail.com>
Sent: Tuesday, August 16, 2022 5:34 PM
To: Ravi Paluri (QUIC) <quic_rpal...@quicinc.com>
Cc: openwrt-devel@lists.openwrt.org
Subject: Re: Setting Linux Capabilities

Hi Ravi,

On Tue, Aug 16, 2022 at 07:52, Ravi Paluri (QUIC) <quic_rpal...@quicinc.com> wrote:
>
> Hi Team,
> We would like to set below capabilities for our process.
> * CAP_NET_ADMIN
> * CAP_NET_RAW
>
> Do we need to use APIs mentioned in https://linux.die.net/man/3/cap_set_flag
> and https://linux.die.net/man/3/cap_set_proc to get this functionality?
>
> On Systemd, I see that this can be achieved by writing below lines in a
> service file.
> CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
> AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
>
> So, would like to know if there is anything similar that can be done in
> procd init scripts?

OpenWrt has procd-ujail, to set capabilities with it:
https://github.com/openwrt/openwrt/blob/master/package/utils/busybox/files/sysntpd#L80
https://github.com/openwrt/openwrt/blob/master/package/utils/busybox/files/ntpd.capabilities

Best
Etienne

> Thanks,
> Ravi

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
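
A check for the outcome discussed in this thread, as an added example that is not part of the original messages or of OpenWrt's code: a shell function that decodes the `CapEff` mask from a `/proc/<pid>/status` file and confirms the process holds exactly CAP_NET_ADMIN and CAP_NET_RAW. The function names and the sample status text are constructed for illustration; the bit numbers 12 and 13 are the values from `linux/capability.h`, and 64-bit shell arithmetic is assumed.

```shell
#!/bin/sh
# Added example: verify that a process's effective capability set is exactly
# CAP_NET_ADMIN | CAP_NET_RAW. Bit numbers are from linux/capability.h.
CAP_NET_ADMIN=12
CAP_NET_RAW=13
EXPECTED_MASK=$(( (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) ))   # 0x3000

# cap_eff_of STATUS_FILE -> prints the CapEff mask as a decimal number.
cap_eff_of() {
    hex=$(sed -n 's/^CapEff:[[:space:]]*\([0-9a-fA-F]\{1,16\}\)$/\1/p' "$1" 2>/dev/null)
    [ -n "$hex" ] || return 2          # no CapEff line: not a status file
    echo $(( 0x$hex ))
}

# check_caps STATUS_FILE
#   0 = exactly the expected set
#   1 = a required capability is missing (capabilities were not applied)
#   2 = CapEff could not be read
#   3 = extra capabilities present (for example, still running as full root)
check_caps() {
    mask=$(cap_eff_of "$1") || return 2
    [ $(( mask & EXPECTED_MASK )) -eq "$EXPECTED_MASK" ] || return 1
    [ $(( mask & ~EXPECTED_MASK )) -eq 0 ] || return 3
    return 0
}

# Constructed sample: the status lines a correctly restricted service would show.
sample=$(mktemp)
printf 'Name:\tmyservice\nCapEff:\t0000000000003000\n' > "$sample"
check_caps "$sample"
echo "constructed sample -> exit code $?"
rm -f "$sample"
```

On a device, pass the real file instead, for example `check_caps /proc/<pid>/status` with the PID of the service started from the procd init script.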