Re: Granting a capability to a service

On Wed, Jul 22, 2015 at 1:25 PM, Lennart Poettering
<mzerqung@xxxxxxxxxxx> wrote:
> On Mon, 20.07.15 13:20, Florian Weimer (fweimer@xxxxxxxxxx) wrote:
>
>> (d) Change the Go program to optionally drop capabilities and switch the
>> user.  Do not use fscaps, and keep running it as full root initially.
>> This is the cleanest approach and what other services use, but I don't
>> think Go currently supports switching credentials in all threads in the
>> process.
>
> Note that caps are weird on Linux. AFAIR they actually apply to
> all kinds of tasks, including threads, not just processes. IIRC Go
> does not give you control when exactly it creates threads, no? This
> makes it difficult to drop caps sanely if you want to ensure they are
> dropped in all threads at the same time, and not just in whatever
> thread was the one started first...

The alternative would be worse.  For example, the effective mask would
be nonsense if it were shared between threads.

--Andy
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
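
The per-thread behaviour discussed in this message can be checked from outside a process, because the kernel reports a separate CapEff mask for every task in /proc/<pid>/task/<tid>/status. The following Go program is an added example, not code from this thread or from any project mentioned in it; the function names and the sample status text are constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// capEff parses the effective capability mask from the text of a
// /proc/<pid>/task/<tid>/status file.
func capEff(status string) (uint64, error) {
	for _, line := range strings.Split(status, "\n") {
		f := strings.Fields(line)
		if len(f) == 2 && f[0] == "CapEff:" {
			return strconv.ParseUint(f[1], 16, 64)
		}
	}
	return 0, fmt.Errorf("no CapEff line")
}

// divergentThreads returns, sorted, the thread IDs whose effective mask
// differs from want. Status text without a parsable CapEff line counts as
// divergent, so the check fails closed.
func divergentThreads(statuses map[string]string, want uint64) []string {
	var bad []string
	for tid, text := range statuses {
		if got, err := capEff(text); err != nil || got != want {
			bad = append(bad, tid)
		}
	}
	sort.Strings(bad)
	return bad
}

func main() {
	// Constructed sample: thread 101 has dropped to CAP_NET_BIND_SERVICE only
	// (bit 10, mask 0x400); thread 102 was created before the drop and still
	// carries a full effective set.
	sample := map[string]string{
		"101": "Name:\tsvc\nCapEff:\t0000000000000400\n",
		"102": "Name:\tsvc\nCapEff:\t0000003fffffffff\n",
	}
	fmt.Println("threads not at 0x400:", divergentThreads(sample, 0x400))
}
```

To audit a running service, pass the text of each /proc/<pid>/task/<tid>/status file keyed by thread ID, with the mask the service is supposed to hold as want.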



