buer: privilege: Update network privileged programs to make use only of cap_net_raw=ep instead of setuid

2024-10-20 21:02:54 -03:00 · 2024-10-20 21:02:54 -03:00 · ce785d832c
parent 75e6ee37dc
commit ce785d832c
1 changed files with 2 additions and 2 deletions
--- a/operating-systems/buer/privilege.scm
+++ b/operating-systems/buer/privilege.scm
@ -48,7 +48,7 @@
 (define network
  (list (privileged-program
          (program (file-append inetutils "/bin/ping"))
-          (setuid? #t))
+          (capabilities "cap_net_raw=ep"))
        (privileged-program
          (program (file-append inetutils "/bin/ping6"))
-          (setuid? #t))))
+          (capabilities "cap_net_raw=ep"))))