This is BROKEN!
This is BROKEN!
Posted Dec 19, 2014 2:35 UTC (Fri) by foom (subscriber, #14868)In reply to: This is BROKEN! by Cyberax
Parent article: Fedora 21 and its Workstation firewall
> Erm... You can see that it's an answer by some guy named Cyberax.
Haha, did not see that. :)
You can use filesystem caps on the ejabberd binary now at least, can't you?
Posted Dec 19, 2014 2:54 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link]
However, it's a very brittle:
This is BROKEN!
Yes, and that's why it worked when I was writing the answer. I have set caps bits on ejabberd, so my solution 'worked'.
1) It doesn't survive ejabberd upgrades.
2) It's not transparent - NOBODY checks file caps.
3) It does not survive the exec() call.