From d5c887de877d994951fd9af89586e29544969c1a Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Tue, 12 Oct 2021 23:03:01 +0200 Subject: doc: Add to man page tip to grant passt the CAP_NET_BIND_SERVICE capability Signed-off-by: Stefano Brivio --- passt.1 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/passt.1 b/passt.1 index 554d31d..bf8228d 100644 --- a/passt.1 +++ b/passt.1 @@ -659,7 +659,12 @@ possible to bind sockets to foreign addresses. If the port forwarding configuration requires binding to port numbers lower than 1024, \fBpasst\fR and \fBpasta\fR will try to bind to them, but will fail if not running as root, or without the \fICAP_NET_BIND_SERVICE\fR Linux capability, see -\fBservices\fR(5) and \fBcapabilities\fR(7). +\fBservices\fR(5) and \fBcapabilities\fR(7). To grant the +\fICAP_NET_BIND_SERVICE\fR capability to passt, you can issue, as root: + +.RS +setcap 'cap_net_bind_service=+ep' $(which passt) +.RE .SS ICMP/ICMPv6 Echo sockets -- cgit v1.2.3