Skip to content

Add support for Linux capabilities #458

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add support for Linux capabilities #458

wants to merge 1 commit into from

Conversation

@aanderse
Copy link
Contributor

@aanderse aanderse commented Nov 28, 2025
edited
Loading

Implement Linux capability support for services, allowing them to run with minimal required privileges instead of running as root. This uses the modern IAB (Inheritable, Ambient, Bounding) API from libcap.

  • i am still working on the documentation but i thought it was worth pushing this as-is in case i'm going in the wrong direction
  • testing some simple scenarios on my system is fine so far 🤞

resolves #454

my motivation for this feature: i recently installed finit on my home server which runs caddy as a web server cap_net_bind_service would be very helpful here

troglobit
troglobit requested changes Nov 28, 2025
View reviewed changes
Copy link
Collaborator

@troglobit troglobit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comment, so far this looks great! 💯 Really looking forward to reading the documentation so I might actually learn capabilities, finally 😅

@aanderse aanderse force-pushed the master branch 3 times, most recently from 54ab7dd to 30e69be Compare November 30, 2025 16:34
@aanderse
Add support for Linux capabilities
be2a0ec 
Implement Linux capability support for services, allowing them to run
with minimal required privileges instead of running as root. This uses
the modern IAB (Inheritable, Ambient, Bounding) API from libcap.
@aanderse
Copy link
Contributor Author

aanderse commented Nov 30, 2025

my friend claude wrote the documentation for me... 😅 - but i'm impressed with the results!

@aanderse
Copy link
Contributor Author

aanderse commented Dec 3, 2025

i tested some services and everything worked as expected

@troglobit is there anything else you would like me to add or change before i mark this as ready for review?

@troglobit
Copy link
Collaborator

troglobit commented Dec 3, 2025

i tested some services and everything worked as expected

Cool!

@troglobit is there anything else you would like me to add or change before i mark this as ready for review?

Nope, if you're happy and feel ready then please go ahead 😊

@aanderse aanderse marked this pull request as ready for review December 3, 2025 12:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@troglobit troglobit troglobit requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Capabilities support

2 participants

@aanderse @troglobit