On Wed, Jul 22, 2015 at 1:25 PM, Lennart Poettering <mzerq...@0pointer.de> wrote: > On Mon, 20.07.15 13:20, Florian Weimer (fwei...@redhat.com) wrote: > >> (d) Change the Go program to optionally drop capabilities and switch the >> user. Do not use fscaps, and keep running it as full root initially. >> This is the cleanest approach and what other services use, but I don't >> think Go currently supports switching credentials in all threads in the >> process. > > Note that caps are weird on Linux. AFAIR they actually apply to > all kinds of tasks, including threads, not just processes. IIRC Go > does not give you control when exactly it creates threads, no? This > makes it difficult to drops caps sanely if you want to ensure they are > dropped in all threads at the same time, and not just in whatever > thread was the one started first...
The alternative would be worse. For example, the effective mask would be nonsense if were shared between threads. --Andy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
