capabilities: Add support for Linux capabilities(7)

This adds capabilities for start-stop-daemon by adding --capabilities option. As a result, the user can specify the inheritable, ambient and bounding set by define capabilities in the service script. This fixes #314.
2021-06-13 19:26:24 +02:00
parent fd1e4a384a
commit 6e214b2616
14 changed files with 118 additions and 7 deletions
--- a/man/start-stop-daemon.8
+++ b/man/start-stop-daemon.8
@@ -161,6 +161,9 @@ Cmd must be an absolute pathname, but relative to the path optionally given with
 .Fl r , -chroot .
 This process must be prepared to accept input on stdin and be able to
 log it or send it to another location.
+.It Fl -capabilities Ar cap-list
+Start the daemon with the listed inheritable, ambient and bounding capabilities.
+The format is the same as in cap_iab(3).
 .It Fl w , -wait Ar milliseconds
 Wait
 .Ar milliseconds
--- a/man/supervise-daemon.8
+++ b/man/supervise-daemon.8
@@ -158,6 +158,9 @@ The logfile can also be a named pipe.
 The same thing as
 .Fl 1 , -stdout
 but with the standard error output.
+.It Fl -capabilities Ar cap-list
+Start the daemon with the listed inheritable, ambient and bounding capabilities.
+The format is the same as in cap_iab(3).
 .El
 .Sh ENVIRONMENT
 .Va SSD_IONICELEVEL