Package: openrc Version: 0.45.2-2 Severity: wishlist Dear maintainer,
please consider enabling capabilities support in OpenRC. Support for Linux capabilities was added in OpenRC 0.45. Capabilities support in OpenRC would be useful for different situations. The most important use cases I can see for capabilities would be: - daemons which need to bind to privileged ports. Currently these services have to be started as root, so that they can bind the ports and drop privileges afterwards. However, some daemons (e.g. ejabberd) cannot do this and are always started under their service user. As a result, they cannot bind privileged ports which would be useful in some situations; - daemons which need to modify network configuration (e.g. openvpn). Currently these services have to run as root so that they can modify the network configuration. With the appropriate set of capabilities, however it should be possible for them to be run under a less privileged user with only the permissions they actually require. Kind regards, - Dennis
