On Tue, 20 Nov 2007 17:09:35 +0100
Mikael Ståldal <[email protected]> wrote:

> Hello.
>
> > The proper way to enable port <= 1024 binding support is adding CAP_NET_BIND_SERVICE
> > to the process capability set, e.g. by using file-system capabilities.
>
> Is file-system capabilities part of the stable official Linux kernel? From which version?
> How do I use it?
>

They were recently added in 2.6.24-rc1.
(mostly commit b53767719b6cd8789392ea3e7e2eb7b8906898f0)

The patch should be easy to backport, I've seen it in various distro kernels.
According to the commit, documentation is at http://www.friedhoff.org/fscaps.html

Some programs already have capability support - they drop all permissions they don't need.
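An added example, not part of the original post: a small C audit helper that reads the capability masks from `/proc/<pid>/status` text and reports whether a process holds only CAP_NET_BIND_SERVICE (bit 10) or more than it needs. The function names and the sample status text in `main` are constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BIND_BIT 10 /* CAP_NET_BIND_SERVICE in <linux/capability.h> */
enum { BIND_NONE = 0, BIND_ONLY = 1, BIND_EXTRA = 2 };

/* Read a hex capability mask such as "CapEff" from /proc/<pid>/status text.
 * Returns 0 on success, -1 if the field is missing or has no hex value. */
int cap_field(const char *status, const char *name, uint64_t *mask)
{
    size_t n = strlen(name);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, name, n) == 0 && p[n] == ':') {
            const char *v = p + n + 1;
            while (*v == ' ' || *v == '\t') v++;
            if (!isxdigit((unsigned char)*v)) return -1; /* empty value */
            *mask = strtoull(v, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n'); /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* BIND_NONE: effective set lacks CAP_NET_BIND_SERVICE; BIND_ONLY: holds
 * exactly that capability; BIND_EXTRA: holds it plus other capabilities
 * (effective or permitted); -1: the status text could not be parsed. */
int audit_bind_cap(const char *status)
{
    uint64_t eff, prm, want = 1ULL << BIND_BIT;
    if (cap_field(status, "CapEff", &eff) || cap_field(status, "CapPrm", &prm))
        return -1;
    if (!(eff & want)) return BIND_NONE;
    return ((eff | prm) & ~want) ? BIND_EXTRA : BIND_ONLY;
}

int main(void)
{
    /* Constructed sample: a daemon whose only capability is bit 10. */
    const char *sample = "Name:\thttpd\nCapInh:\t0000000000000000\n"
                         "CapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n";
    printf("sample verdict: %d\n", audit_bind_cap(sample));
    return 0;
}
```

The permitted set is checked as well as the effective set because a capability left in the permitted set can be raised again later.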
- References:
- Possibility to adjust the only-root-can-bind-to-port-under-1024 limit
- From: Mikael Ståldal <[email protected]>
- Re: Possibility to adjust the only-root-can-bind-to-port-under-1024 limit
- From: Radoslaw Szkodzinski (AstralStorm) <[email protected]>