@bascule You could always use local ip routing/firewall system to forward the low port to a unprivileged high port.
-
-
-
@miah_ or I could use capabilities! :O -
@bascule CAP_NET_BIND_SERVICE (as your probably already aware) should be the one. -
@miah_ I am using cap_net_bind_service and it’s sweet
End of conversation
New conversation -
-
-
@bascule priv separation daemons. no complex security extensions required. works with existing, well audited code bases. -
@newshtwit check muh twittarz
End of conversation
New conversation -
-
-
@bascule sorry lol, I see now, you already know about cap net bind service.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@bascule Going to assume you've not heard of 'setcap' / libcap2-bin. "setcap 'cap_net_bind_service=+ep' /opt/haproxy/embedded/sbin/haproxy"Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@bascule AAA++++ permissions!!! Would GRANT again!Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@bascule you can do most of it with selinux and at the same time nothing, because you have to change every bin/lib then.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.