21.08.2018 1:37, Charles Sprickman via freebsd-stable wrote:
> I am so behind on all the new toys in the system. I was very embarrassed
> to find out about this feature from someone who’s primarily working
> with Linux in his day job. He was just looking to bind an Elixir app to
> 80/443
> with
> On Aug 20, 2018, at 11:04 AM, Ian Lepore wrote:
>
> On Mon, 2018-08-20 at 16:47 +0200, Stefan Bethke wrote:
>> I have a Go program (acme-dns) that wants to bind 53, 80, and 443,
>> and I´d rather have it run as a non-privileged user. The program
>> doesn´t provide a facility to drop privs aft
> Am 20.08.2018 um 18:32 schrieb Bjoern A. Zeeb
> :
>
> On 20 Aug 2018, at 16:22, Stefan Bethke wrote:
>
Is there a way to allow regular processes to bind to low ports?
>>>
>>> you have to set it on the base system; alternatively with vnet you might
>>> be able to change it per-jail.
>
20.08.2018 23:22, Stefan Bethke wrote:
> Do you feel it’s OK to enable VIMAGE in -stable? When I tried last in 2016, I
> had stability issues, I think related to pf.
It is already in HEAD's GENERIC and will be in 12.0-RELEASE soon, so in -stable
too.
I use it with stable/11 without problems bu
On 20 Aug 2018, at 16:22, Stefan Bethke wrote:
Is there a way to allow regular processes to bind to low ports?
you have to set it on the base system; alternatively with vnet you
might be able to change it per-jail.
Do you feel it’s OK to enable VIMAGE in -stable? When I tried last
in 2016
> Am 20.08.2018 um 16:59 schrieb Bjoern A. Zeeb
> :
>
> On 20 Aug 2018, at 14:47, Stefan Bethke wrote:
>
>> I have a Go program (acme-dns) that wants to bind 53, 80, and 443, and I’d
>> rather have it run as a non-privileged user. The program doesn’t provide a
>> facility to drop privs afte
20.08.2018 22:02, Stefan Bethke wrote:
>> The trick is that mac_portacl provides a way to selectively give permission
>> for non-root UID
>> to bind low ports:
>>
>> security.mac.portacl.rules=uid:88:tcp:80,uid:88:tcp:443,uid:53:tcp:53,uid:53:udp:53
>>
>> It works just fine for a host and I use i
On Mon, 2018-08-20 at 17:02 +0200, Stefan Bethke wrote:
> Am 20.08.2018 um 16:59 schrieb Eugene Grosbein :
> >
> >
> > 20.08.2018 21:47, Stefan Bethke wrote:
> >
> > >
> > > I have a Go program (acme-dns) that wants to bind 53, 80, and
> > > 443, and I’d rather have it run as a non-privileged u
20.08.2018 21:47, Stefan Bethke wrote:
> I have a Go program (acme-dns) that wants to bind 53, 80, and 443, and I’d
> rather have it run as a non-privileged user. The program doesn’t provide a
> facility to drop privs after binding the ports. I’m planning to run it in a
> jail.
>
> After some
On Mon, 2018-08-20 at 16:47 +0200, Stefan Bethke wrote:
> I have a Go program (acme-dns) that wants to bind 53, 80, and 443,
> and I’d rather have it run as a non-privileged user. The program
> doesn’t provide a facility to drop privs after binding the ports. I’m
> planning to run it in a jail.
>
Am 20.08.2018 um 16:59 schrieb Eugene Grosbein :
>
> 20.08.2018 21:47, Stefan Bethke wrote:
>
>> I have a Go program (acme-dns) that wants to bind 53, 80, and 443, and I’d
>> rather have it run as a non-privileged user. The program doesn’t provide a
>> facility to drop privs after binding the
On 20 Aug 2018, at 14:47, Stefan Bethke wrote:
I have a Go program (acme-dns) that wants to bind 53, 80, and 443, and
I’d rather have it run as a non-privileged user. The program
doesn’t provide a facility to drop privs after binding the ports.
I’m planning to run it in a jail.
After some g
12 matches
Mail list logo