On 07/20/2015 02:34 PM, Zbigniew Jędrzejewski-Szmek wrote: > On Sat, Jul 18, 2015 at 10:42:43AM +0200, Florian Weimer wrote: >> Let's assume I want to start a service as an ordinary user, but allow to >> bind it to a privileged port. The program implementing the service does >> not manipulate capabilities in any way. > socket activation would be a much simpler and more secure alternative ;) True. :) A more generic approach which applies to other capabilities as well would be nice, though. -- Florian Weimer / Red Hat Product Security -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
