doc: Add to man page tip to grant passt the CAP_NET_BIND_SERVICE capability

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
Stefano Brivio 2021-10-12 23:03:01 +02:00
parent 4869d309e1
commit d5c887de87

View file

@ -659,7 +659,12 @@ possible to bind sockets to foreign addresses.
If the port forwarding configuration requires binding to port numbers lower than If the port forwarding configuration requires binding to port numbers lower than
1024, \fBpasst\fR and \fBpasta\fR will try to bind to them, but will fail if not 1024, \fBpasst\fR and \fBpasta\fR will try to bind to them, but will fail if not
running as root, or without the \fICAP_NET_BIND_SERVICE\fR Linux capability, see running as root, or without the \fICAP_NET_BIND_SERVICE\fR Linux capability, see
\fBservices\fR(5) and \fBcapabilities\fR(7). \fBservices\fR(5) and \fBcapabilities\fR(7). To grant the
\fICAP_NET_BIND_SERVICE\fR capability to passt, you can issue, as root:
.RS
setcap 'cap_net_bind_service=+ep' $(which passt)
.RE
.SS ICMP/ICMPv6 Echo sockets .SS ICMP/ICMPv6 Echo sockets