How to launch dnsmasq as dnsmasq user in a network namespace? #4940
Launching dnsmasq as dnsmasq user in a network namespace with firejail required /etc/firejail/dnsmasq.local
/etc/firejail/globals.local
Replies: 4 comments 18 replies
Just use systemd sandboxing, way more tightly integrated.
seccomp (and therefore protocol) implies nnp (if you are not root?). Which error do you get if nnp is set?
@rusty-snake I updated #4808 accordingly.
Summary
port < net.ipv4.ip_unprivileged_port_start), you need to be root or have CAP_NET_BIND_SERVICE.
PR_SET_NO_NEW_PRIVS, file capabilities are ignored.
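
The two conditions in the summary can be checked from a process's `/proc/<pid>/status` and the sysctl value. The script below is an added example, not part of the discussion or of firejail; `status_field` and `bind_verdict` are hypothetical helper names, and it assumes the process's user namespace owns the network namespace.

```bash
#!/usr/bin/env bash
# Added diagnostic, not from the thread. Inputs are a /proc/<pid>/status-style
# file and the value of net.ipv4.ip_unprivileged_port_start.

CAP_NET_BIND_SERVICE_BIT=10   # bit number from linux/capability.h

# status_field FILE NAME: print the first value on the "NAME:" line.
status_field() {
    awk -v key="$2:" '$1 == key { print $2; exit }' "$1"
}

# bind_verdict PORT STATUS_FILE PORT_START: explain whether bind() can succeed.
bind_verdict() {
    local port="$1" status="$2" start="$3" capeff nnp has_cap
    capeff=$(status_field "$status" CapEff)
    nnp=$(status_field "$status" NoNewPrivs)
    # CapEff is a hex bitmask; test the CAP_NET_BIND_SERVICE bit.
    has_cap=$(( (0x${capeff:-0} >> $CAP_NET_BIND_SERVICE_BIT) & 1 ))
    if [ "$port" -ge "$start" ]; then
        echo "ok: port is not privileged"
    elif [ "$has_cap" -eq 1 ]; then
        echo "ok: CAP_NET_BIND_SERVICE is effective"
    elif [ "${nnp:-0}" -eq 1 ]; then
        echo "denied: capability missing; nnp is set, so file capabilities are ignored"
    else
        echo "denied: capability missing; needs root or CAP_NET_BIND_SERVICE"
    fi
}

# Constructed sample: unprivileged process, empty CapEff, no_new_privs set.
demo_status=$(mktemp)
printf 'Name:\tdnsmasq\nCapEff:\t0000000000000000\nNoNewPrivs:\t1\n' > "$demo_status"
bind_verdict 53 "$demo_status" 1024
rm -f "$demo_status"

# On a live system, run inside the sandbox:
#   bind_verdict 53 /proc/self/status "$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start)"
```

Read the sysctl from inside the network namespace being tested, since `net.ipv4.ip_unprivileged_port_start` is set per namespace.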