added 199 characters in body
Source Link
grawity

They're complete opposites:

AmbientCapabilities grants capabilities that the process normally wouldn't have started with.

CapabilityBoundingSet limits capabilities the process is allowed to obtain. It doesn't grant any.

For your task, it is enough to set AmbientCapabilities to grant the privileges – the bounding set already allows everything by default, so there's no need to change it.

Instead, the latter is meant to be a security hardening feature. Even if the service literally runs as root (uid 0) – or calls a setuid-root program like 'su' or 'sudo' – it can never gain any privileges that aren't in its bounding set.

But you can (and perhaps should) set both if you're sure your service won't be directly running anything that needs higher privileges.
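As an added example (not part of grawity's answer), the following POSIX shell check decodes the Cap* bitmasks from /proc/<pid>/status and confirms that a service given both directives for CAP_NET_BIND_SERVICE really holds that capability ambiently and has nothing else left in its bounding set. The status excerpts are constructed, and the capability number (10) and the 41-capability default bounding mask are assumptions about the kernel in use.

```shell
# Added example (not from the answer): verify the effect of
#   [Service]
#   User=web                                   (assumed service account)
#   AmbientCapabilities=CAP_NET_BIND_SERVICE
#   CapabilityBoundingSet=CAP_NET_BIND_SERVICE
# by decoding the Cap* bitmasks that /proc/<pid>/status prints in hex.

# Capability number from <linux/capability.h> (assumption: unchanged on your kernel).
CAP_NET_BIND_SERVICE=10

# cap_in_mask HEXMASK CAPNUM: succeed if bit CAPNUM is set in the 64-bit mask.
cap_in_mask() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_field NAME: print the hex mask of the "NAME:" line read from stdin.
cap_field() {
    awk -v f="$1:" '$1 == f { print $2 }'
}

# check_hardened STATUS_TEXT: 0 if CAP_NET_BIND_SERVICE is in the ambient set
# (AmbientCapabilities took effect) AND the bounding set holds nothing else
# (CapabilityBoundingSet took effect); 1 otherwise.
check_hardened() {
    amb=$(printf '%s\n' "$1" | cap_field CapAmb)
    bnd=$(printf '%s\n' "$1" | cap_field CapBnd)
    cap_in_mask "${amb:-0}" "$CAP_NET_BIND_SERVICE" || return 1
    [ $(( 0x${bnd:-0} )) -eq $(( 1 << CAP_NET_BIND_SERVICE )) ]
}

# Constructed status excerpts. With AmbientCapabilities alone the service is
# granted the capability, but CapBnd stays at the kernel default (all 41
# capabilities on an assumed recent kernel), so a setuid-root helper such as
# su or sudo would not be capped at all.
STATUS_AMBIENT_ONLY='CapInh: 0000000000000400
CapPrm: 0000000000000400
CapEff: 0000000000000400
CapBnd: 000001ffffffffff
CapAmb: 0000000000000400'

# With both directives the bounding set is reduced to the one capability.
STATUS_BOTH='CapInh: 0000000000000400
CapPrm: 0000000000000400
CapEff: 0000000000000400
CapBnd: 0000000000000400
CapAmb: 0000000000000400'

# Live use: check_hardened "$(cat /proc/"$(systemctl show -p MainPID --value web.service)"/status)"
```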

Source Link
grawity

They're complete opposites:

AmbientCapabilities grants capabilities that the process normally wouldn't have started with.

CapabilityBoundingSet limits capabilities the process is allowed to obtain. It doesn't grant any.

The latter is meant to be a security feature. Even if the service literally runs as root (uid 0) – or calls a setuid-root program like 'su' or 'sudo' – it can never gain any privileges that aren't in its bounding set.

You can (and perhaps should) set both if you're sure your service won't be directly running anything that needs higher privileges.