> Am 06.08.2019 um 12:05 schrieb Iain Learmonth <irl@debian.org>: > > Hi, > > On 06/08/2019 10:35, Thomas Osterried wrote: >> about capabilities: yes, this may be a more secure approach. >> But I just testet setcap cap_net_raw=ep without success. > > I've not tested this yet, but I suspect cap_net_admin may also be required. ack. works: setcap cap_net_raw,cap_net_admin=ep .....