Policy about packages and file capabilities




What's the policy about capabilities for executables in Arch packages?

I'm asking since in my setup I'm running wpa_supplicant as the
'nobody' user, but I let it keep the NET_ADMIN and NET_RAW
capabilities (excerpt from the .service file):

User=nobody
SupplementaryGroups=rfkill
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW


The executable needs to have those capabilities on the executable in
order to keep them when switching to user `nobody`, so I set them
with:

setcap 'cap_net_raw=ep cap_net_admin=ep' /usr/bin/wpa_supplicant


I'd suggest (and send a patch) to add these capabilities in the next
update to the package if that's acceptable.


PS.
wpa_supplicant is still not updated from version 2.3, which doesn't
work with the wifi interface in the 4addr mode, bridged and with the
-b option of wpa_supplicant.
2.4 and 2.5 work in that scenario, so I hope an update is due.


-- 
damjan
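
Added example, not part of the original post: the setcap command above stores its result in the file's security.capability extended attribute, and this Python sketch decodes that attribute and checks it against an allowlist, which is one way a packager or admin could verify that a shipped binary carries exactly the two capabilities discussed. The allowlist, the function names and the sample bytes are assumptions constructed for illustration.

```python
import os
import struct

# Constants from the kernel's include/uapi/linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
XATTR_SIZE = {0x02000000: 20, 0x03000000: 24}  # revision -> xattr length
CAP_NAMES = {12: "cap_net_admin", 13: "cap_net_raw"}  # only the two in the post
EXPECTED = frozenset(CAP_NAMES.values())  # assumption: the package allowlist

# Constructed sample: the value setcap 'cap_net_raw=ep cap_net_admin=ep' stores
SAMPLE = bytes.fromhex("01000002" "00300000" "00000000" "00000000" "00000000")


def _names(mask):
    # Capabilities outside CAP_NAMES are reported by number, e.g. cap_21
    return {CAP_NAMES.get(bit, f"cap_{bit}") for bit in range(64) if mask >> bit & 1}


def parse_file_caps(blob):
    """Decode a security.capability xattr value (revision 2 or 3)."""
    if len(blob) < 4:
        raise ValueError("truncated capability xattr")
    (magic,) = struct.unpack_from("<I", blob)
    rev = magic & VFS_CAP_REVISION_MASK
    if XATTR_SIZE.get(rev) != len(blob):
        raise ValueError("unsupported revision or wrong length")
    # Layout: permitted/inheritable low words, then the high words
    p_lo, i_lo, p_hi, i_hi = struct.unpack_from("<4I", blob, 4)
    return {
        "permitted": _names(p_lo | p_hi << 32),
        "inheritable": _names(i_lo | i_hi << 32),
        "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
    }


def audit(blob, expected=EXPECTED):
    """Return findings where the file grants something other than `expected`."""
    caps = parse_file_caps(blob)
    findings = []
    for label, names in (("unexpected", caps["permitted"] - expected),
                         ("missing", expected - caps["permitted"]),
                         ("inheritable", caps["inheritable"])):
        if names:
            findings.append(f"{label}: {','.join(sorted(names))}")
    return findings


def audit_path(path):
    """Audit an installed file; os.getxattr is Linux-only, OSError if unset."""
    return audit(os.getxattr(path, "security.capability"))
```

An empty list from audit_path("/usr/bin/wpa_supplicant") means the file grants exactly the allowlisted set; any finding names what differs.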

