Explore Go port of libcap with a simple web server.
The program web.go uses "libcap/cap" to raise and lower capabilities
in order to bind to a privileged port. Writing this code, I now
realize that Go's runtime is not really suited to minimal privilege
guarantees. The code does raise and lower the effective capability
Value needed, but to be fully robust, we're going to have to wait for
the following issue with the Go runtime to find a resolution:
https://github.com/golang/go/issues/1435
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
2 files changed