Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run imunes as non-root user #41

Open
gcetusic opened this issue Jul 30, 2015 · 2 comments
Open

Run imunes as non-root user #41

gcetusic opened this issue Jul 30, 2015 · 2 comments
Labels
enhancement help wanted linux

Comments

@gcetusic
Copy link
Contributor

Given the availability of the setcap command we can finely tune the capabilities of IMUNES:
http:https://linux.die.net/man/7/capabilities

Like this:
setcap cap_dac_override,cap_sys_admin,cap_net_admin,cap_net_raw=ep /usr/local/bin/imunes

In combination with some file permissions in /var/run/netns and adding IMUNES to docker group it should make it possible to run IMUNES without using sudo. This would enable us to smoothly install IMUNES through distribution packages and run it from the deskop environment without asking the users to input their passwords because the package would set the capabilites on installation.
@denisSal
Copy link
Member

denisSal commented Feb 3, 2016

We need sudo for ip commands.

@gcetusic
Copy link
Contributor Author

We don't need sudo for ip with the cap_net* settings

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted linux
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gcetusic @denisSal