Propagate capabilities to child process #179
Open
This is not ready to commit, but just an idea I wanted to share.
Capabilities aren't shared with processes started via execve, unless you specifically manipulate the inherited capabilities before and then request the ambient capabilities to be raised.
The motivation is that it's sometimes useful to be able to have Erlang run commands with elevated capabilities, rather than jumping through sudo (one reason for this is that sudo is quite slow on my platform, adding around 30ms to every call, which for multiple calls is unreasonably slow). An example might be calling "ipset": normally this requires root permissions, but it can be run as a non-privileged user if given the cap_net_admin capability.
So on my embedded box I am marking the erlexec binary with the appropriate capabilities, and these can then be passed to the binary we want to run.
I suspect to complete this you might want to make the inheritance of the capabilities optional?
Note also, I think, but haven't tested, that this will work as expected with a change in effective UID? There are some pitfalls though, as capabilities get dropped when changing uid, so I might need to split the code and read the caps before changing uid? Unsure?
However, what's your opinion? Is this useful upstream?
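The two-step sequence the description refers to (put the capability in the inheritable set, then raise it into the ambient set so it survives execve), as an added C example that is not erlexec's code. It assumes the running binary already holds the capability in its permitted set (e.g. via file capabilities set with `setcap cap_net_admin+p`), and uses the `ipset` child from the description; `raise_ambient_cap` and `ambient_is_set` are names chosen here.

```c
// Added example: carry a Linux capability across execve() via the ambient set.
// Assumes the calling binary already has the capability in its permitted set.
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

#ifndef PR_CAP_AMBIENT            /* older libc headers; values from kernel 4.3+ */
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_IS_SET 1
#define PR_CAP_AMBIENT_RAISE 2
#endif

/* 1 if cap is in this process's ambient set, 0 if not, -errno on error. */
int ambient_is_set(int cap)
{
    int r = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, (unsigned long)cap, 0, 0);
    return r < 0 ? -errno : r;
}

/* Step 1: add cap to the inheritable set (kernel requires it to be permitted).
 * Step 2: raise it into the ambient set (kernel requires permitted AND inheritable,
 * and SECBIT_NO_CAP_AMBIENT_RAISE unset). Returns 0 or -errno (-EPERM when the
 * process does not hold cap). Must run before any setuid() that would drop caps. */
int raise_ambient_cap(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];

    if (cap < 0 || cap > CAP_LAST_CAP)
        return -EINVAL;
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) < 0)
        return -errno;
    if (!(data[CAP_TO_INDEX(cap)].permitted & CAP_TO_MASK(cap)))
        return -EPERM;                                  /* not ours to hand down */
    data[CAP_TO_INDEX(cap)].inheritable |= CAP_TO_MASK(cap);
    if (syscall(SYS_capset, &hdr, data) < 0)
        return -errno;
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)cap, 0, 0) < 0)
        return -errno;
    return 0;
}

int main(void)
{
    int r = raise_ambient_cap(CAP_NET_ADMIN);
    if (r != 0) { fprintf(stderr, "raise failed: %s\n", strerror(-r)); return 1; }
    execlp("ipset", "ipset", "list", (char *)NULL);   /* child inherits CAP_NET_ADMIN */
    perror("execlp");
    return 1;
}
```

Without the file capability on the binary the raise fails with EPERM, which is the safe default: nothing is passed down that the parent did not already hold.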