imunes icon indicating copy to clipboard operation
imunes copied to clipboard
verified publisher icon imunes

Run imunes as non-root user

Open gcetusic opened this issue 10 years ago • 2 comments

Given the availability of the setcap command we can finely tune the capabilities of IMUNES: http://linux.die.net/man/7/capabilities

Like this: setcap cap_dac_override,cap_sys_admin,cap_net_admin,cap_net_raw=ep /usr/local/bin/imunes

In combination with some file permissions in /var/run/netns and adding IMUNES to docker group it should make it possible to run IMUNES without using sudo. This would enable us to smoothly install IMUNES through distribution packages and run it from the deskop environment without asking the users to input their passwords because the package would set the capabilites on installation.

gcetusic avatar Jul 30 '15 10:07 gcetusic

We need sudo for ip commands.

denisSal avatar Feb 03 '16 11:02 denisSal

We don't need sudo for ip with the cap_net* settings

gcetusic avatar Mar 18 '16 09:03 gcetusic