
Do not panic if not root

Open · pfactum opened this issue 3 years ago · 1 comment

Hello.

Given that systemd (or a similar system manager) is available, it should be possible to run iodined with very restricted privileges and on behalf of a non-root user (even a dynamically generated one), granting additional capabilities via AmbientCapabilities=. Hence, the unconditional panic in check_superuser() should be avoided. So, instead of calling check_superuser(), at least on Linux, there should be a check against the required capability (there's libcap-ng for this). For creating a tun device it'd be CAP_NET_ADMIN, for binding to port 53 it's CAP_NET_BIND_SERVICE, for changing the user it is CAP_SETUID and CAP_SETGID.

Thanks.

pfactum · Oct 13 '22 06:10
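The capability check proposed above, as an added example that is not iodine's code: instead of libcap-ng (which the post suggests) it reads the effective set from the CapEff line of /proc/self/status, so it builds without an extra library; the capability numbers are the ones defined in <linux/capability.h>, and the required set is assumed to be the four capabilities the post lists.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability numbers as defined in <linux/capability.h>. */
enum { CAP_SETGID = 6, CAP_SETUID = 7, CAP_NET_BIND_SERVICE = 10, CAP_NET_ADMIN = 12 };

/* Parse the hex "CapEff:" mask out of a /proc/<pid>/status buffer.
 * Returns 0 on success, -1 if the line is missing or malformed. */
int parse_cap_eff(const char *status, uint64_t *eff)
{
    const char *p = strstr(status, "CapEff:");
    if (!p) return -1;
    p += strlen("CapEff:");
    while (*p == ' ' || *p == '\t') p++;
    char *end;
    *eff = strtoull(p, &end, 16);
    return end == p ? -1 : 0;
}

/* Return a bitmask of the required capabilities that are NOT in eff;
 * 0 means every required capability is present. */
uint64_t missing_caps(uint64_t eff, const int *caps, size_t n)
{
    uint64_t missing = 0;
    for (size_t i = 0; i < n; i++)
        if (!(eff & (1ULL << caps[i])))
            missing |= 1ULL << caps[i];
    return missing;
}

/* Stand-in for an unconditional check_superuser(): iodined needs a tun device,
 * port 53 and a privilege drop, so require exactly the four capabilities the
 * issue lists, whether they came from root or from AmbientCapabilities=. */
int main(void)
{
    const int need[] = { CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_SETUID, CAP_SETGID };
    uint64_t eff, miss;
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");   /* absent outside Linux */
    if (f) { size_t n = fread(buf, 1, sizeof buf - 1, f); buf[n] = '\0'; fclose(f); }
    if (!f || parse_cap_eff(buf, &eff) != 0) { fputs("cannot read CapEff\n", stderr); return 1; }
    miss = missing_caps(eff, need, sizeof need / sizeof need[0]);
    if (miss) { fprintf(stderr, "missing capability mask %#llx\n", (unsigned long long)miss); return 1; }
    puts("required capabilities present; no need to be root");
    return 0;
}
```

Run as a plain user under a unit with `AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID` it passes, while as an unprivileged user without that unit it reports the missing mask instead of demanding root.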

Could someone merge this?

We need this functionality too.

I want to run iodine inside a high-security container with AppArmor protections.

osevan · Dec 17 '23 14:12