On Fri, 2017-08-25 at 11:40 +0200, Daniel Wagner wrote:
IIRC, there were same attempts to let ConnMan run as normal user but
there was no feedback on this attempt.
Never heard back from that, either.
Anyway, from reading the LWN article on CAP_SYS_ADMIN  I would
we don't have to worry trying to figure out which capabilities
ConnMan needs as soon we add CAP_SYS_ADMIN:
To summarize: CAP_SYS_ADMIN has become the new root. If the goal of
capabilities is to limit the power of privileged programs to be less
than root, then once we give a program CAP_SYS_ADMIN the game is more
or less over. That is the manifest problem revealed from the above
analysis. However, if we look further, there is evidence of an
additional problem, one that lies in the Linux development model.
Indeed... Do we need to set the domainname in the first place? Or
hostname? Right now I don't remember which issues setting the
domainname were supposed to solve. Setting the hostname probably fails
as well(?), but keeping the same hostname makes me feel at home
independent of network :-)