Instead of setting CAP_NET_RAW on the binary, why not have systemd give the
service the capability at runtime? The blackbox exporter isn't something
that you run from the CLI much anyway, is it?

Here's what part of my service file looks like:

[Service]
User=blackbox_exporter
Group=blackbox_exporter
AmbientCapabilities=CAP_NET_RAW
ExecStart=/opt/blackbox_exporter/blackbox_exporter --config.file /opt/blackbox_exporter/config.yaml --log.level debug

On Fri, Nov 10, 2017 at 10:07 AM, <nicolas.mail...@laposte.net> wrote:

>
> I've done the naïve
> setcap cap_net_raw+ep /builddir/build/BUILDROOT/prometheus-blackbox-exporter-0.10.0-1.fc28.llt.x86_64/usr/bin/prometheus-blackbox-exporter
>

Maybe this is just bikeshedding, but why have you renamed the binary from
blackbox_exporter to prometheus-blackbox-exporter? blackbox_exporter
doesn't conflict with anything else AFAIK and renaming it is just going to
confuse people when they are reading upstream documentation etc.

-- 
Jeff Ollie
The majestik møøse is one of the mäni interesting furry animals in Sweden.
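
Added example (not part of the original message, and not blackbox_exporter or Fedora packaging code): a check that reads the Cap* lines of /proc/<pid>/status to tell whether a running exporter holds CAP_NET_RAW through the ambient set, as the AmbientCapabilities= unit above would grant it, or by some other route such as the setcap file capability in the quoted message. The status samples, the UID 990 and the function names are constructed for illustration.

```python
import re
import sys

CAP_NET_RAW = 1 << 13  # CAP_NET_RAW is capability number 13 on Linux

# Constructed /proc/<pid>/status samples (not captured from a real host).
# Non-root service started with AmbientCapabilities=CAP_NET_RAW:
STATUS_AMBIENT = (
    "Name:\tblackbox_export\nUid:\t990\t990\t990\t990\n"
    "CapInh:\t0000000000002000\nCapPrm:\t0000000000002000\n"
    "CapEff:\t0000000000002000\nCapBnd:\t000001ffffffffff\n"
    "CapAmb:\t0000000000002000\n"
)
# Same user, binary carrying a file capability (setcap cap_net_raw+ep):
STATUS_FILECAP = (
    "Name:\tblackbox_export\nUid:\t990\t990\t990\t990\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000000002000\n"
    "CapEff:\t0000000000002000\nCapBnd:\t000001ffffffffff\n"
    "CapAmb:\t0000000000000000\n"
)
# Same user, no capability granted at all (raw-socket probes would fail):
STATUS_NONE = STATUS_FILECAP.replace("2000\n", "0000\n")


def cap_sets(status_text):
    """Return the capability sets as integers, keyed Inh/Prm/Eff/Bnd/Amb."""
    pairs = re.findall(r"^Cap(Inh|Prm|Eff|Bnd|Amb):\s*([0-9a-fA-F]+)\s*$",
                       status_text, re.M)
    return {name: int(value, 16) for name, value in pairs}


def audit(status_text):
    """Return (how CAP_NET_RAW is held, mask of any other effective caps)."""
    caps = cap_sets(status_text)
    if "Eff" not in caps or "Amb" not in caps:
        raise ValueError("CapEff/CapAmb lines not found in status text")
    if not caps["Eff"] & CAP_NET_RAW:
        source = "absent"
    elif caps["Amb"] & CAP_NET_RAW:
        source = "ambient"        # granted at runtime, e.g. by the unit file
    else:
        source = "not-ambient"    # file capability, or a privileged parent
    return source, caps["Eff"] & ~CAP_NET_RAW


if __name__ == "__main__":
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    with open(f"/proc/{pid}/status") as fh:
        print(audit(fh.read()))
```

A non-zero second value means the process is running with more than CAP_NET_RAW in its effective set.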
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org