-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run imunes as non-root user #41
Labels
Comments
We need sudo for |
We don't need sudo for |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Given the availability of the setcap command we can finely tune the capabilities of IMUNES:
http:https://linux.die.net/man/7/capabilities
Like this:
setcap cap_dac_override,cap_sys_admin,cap_net_admin,cap_net_raw=ep /usr/local/bin/imunes
In combination with some file permissions in /var/run/netns and adding IMUNES to docker group it should make it possible to run IMUNES without using sudo. This would enable us to smoothly install IMUNES through distribution packages and run it from the deskop environment without asking the users to input their passwords because the package would set the capabilites on installation.
The text was updated successfully, but these errors were encountered: