Attached is a documentation entry that may be useful. It describes some notes that I made at the time of this particular VM's deployment, related to various capabilities.

The VM in question was made on 2024-05-10, which both my Hyper-V manager and /etc/motd entries confirm. Kea itself meanwhile was installed on 2024-10-21, i.e. yesterday (more or less). AppArmor itself may have been present since then. I don't know if its profiles get updated automatically. Until yesterday, there were no text changes in these files on my end.

For the group assignment, the netdev group immediately came to mind. The _kea user (UID 102) is not in it, while my regular user (vim, UID 1000) is in this group. But in retrospect, that might have more to do with interface activation than it does with privileged ports. Is there a capability to run certain processes / binaries / files / UIDs on privileged ports? What are the security implications of such a thing? In the VM environment, should I care whether it runs as root or anything else?

This is a reference I used for the system groups. The daemon group seems useful, but that only seems to refer to files that the daemon has control over. My guess is that the _kea user/group pair implies that this is done in a more complex manner than this group targets.
https://wiki.debian.org/SystemGroups[1]

-- 
Met vriendelijke groet,
Michael De Roover

--------
[1] https://wiki.debian.org/SystemGroups

Attachment: 2024-10-23 - Kea deployment.pdf
Description: Adobe PDF document

[Unit]
Description=Kea DHCPv4 server

[Service]
Type=simple
User=root
ExecStart=kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
Restart=always
RestartSec=0

[Install]
WantedBy=multi-user.target
-- 
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
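A worked answer to the privileged-port question in the post above, added here as an example; it is neither the poster's unit file nor anything shipped by the Kea project or Debian. The Linux answer is a capability, not a group: CAP_NET_BIND_SERVICE lets a non-root process bind ports below 1024 (kea-dhcp4 listens on UDP/67), and systemd's `AmbientCapabilities=` hands it to the service without any setcap on the binary. Kea's DHCPv4 server on Linux defaults to `dhcp-socket-type: raw`, so it additionally needs CAP_NET_RAW for the packet socket it uses to answer clients that do not have an address yet. The `_kea` user and the config path come from the post; the unit filename, the `/usr/sbin` binary path and the state, runtime and log directories are assumptions taken from a stock Debian layout and should be checked against the local kea-dhcp4.conf. The security point behind the "should I care in a VM" question is that a DHCP server parses unauthenticated packets from anything on the LAN; with `User=root`, a parser bug is a root compromise of that VM, whereas with the unit below the same bug lands in an unprivileged account holding exactly two capabilities.

```ini
# /etc/systemd/system/kea-dhcp4.service   (filename assumed)
# Added example: the posted unit with root dropped and only the two
# capabilities kea-dhcp4 actually needs granted back.
[Unit]
Description=Kea DHCPv4 server (unprivileged, capability-scoped)
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
# The _kea user/group pair from the post. No root anywhere in this unit.
User=_kea
Group=_kea
# Absolute path assumed; the posted unit relied on systemd's search path.
ExecStart=/usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
# RestartSec=0 in the posted unit is a tight crash loop; back off a little.
Restart=on-failure
RestartSec=2s

# Privileged-port answer: CAP_NET_BIND_SERVICE allows binding UDP/67 as _kea.
# CAP_NET_RAW is only needed because Kea defaults to raw sockets on Linux;
# set "dhcp-socket-type": "udp" in kea-dhcp4.conf and it can be removed.
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
# Bounding set caps what any child could ever regain; keep it identical.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
# No setuid binaries can hand root back to the process tree.
NoNewPrivileges=yes

# Hardening that is independent of the port question; each one is
# optional and can be removed if it breaks a local setup.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_PACKET
# Directories systemd creates, chowns to _kea and whitelists for writing
# under ProtectSystem=strict. Paths assumed from the Debian layout:
# lease file under /var/lib/kea, control socket under /run/kea.
StateDirectory=kea
RuntimeDirectory=kea
LogsDirectory=kea

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload` and a restart, `ss -ulnp 'sport = :67'` should show the socket owned by a kea-dhcp4 process running as _kea, and `grep Cap /proc/$(pidof kea-dhcp4)/status` should show a small CapEff/CapAmb value rather than the all-ones mask a root process carries (decode it with `capsh --decode=<hex>`). `systemd-analyze security kea-dhcp4.service` gives a per-directive exposure score, which is a quick way to see what each of the optional lines buys. AF_PACKET in `RestrictAddressFamilies=` is what the raw socket type needs; drop it together with CAP_NET_RAW if you switch to UDP sockets.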