aetherscale

[unmaintained] code for a cloud provider tutorial

commit 98f88101704d15bf806e528799bf04a0be20cf88
parent 86f921adfa15bfe90d01cb2f7c913651b6640c29
Author: Stefan Koch <programming@stefan-koch.name>
Date:   Mon, 21 Dec 2020 21:08:43 +0100

add note that radvd on host is only temporary

Diffstat:
M README.md | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md @@ -64,7 +64,11 @@ the following entry in `visudo`: youruser ALL=(ALL) NOPASSWD: /usr/bin/ip, /usr/bin/radvd ``` -This is not a perfect solution but Linux capabilities inheritance to +Having `radvd` on the host machine is only a temporary solution. In a real +setup, the VPN has to manage the internal IP addresses itself. We will +probably provide an init-script template for a machine that does this. + +Requiring `sudo` is not a perfect solution but Linux capabilities inheritance to subprocesses seems quite complicated, and without inheritance we'd have to grant `CAP_NET_ADMIN` to both `ip` and `tincd`. This might be undesired, because then any user can change network devices. Another option could be to
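Review bot: The added paragraph calls `radvd` on the host a temporary solution, but the sudoers line in the context directly above it (`youruser ALL=(ALL) NOPASSWD: /usr/bin/ip, /usr/bin/radvd`) still grants passwordless root for `radvd` with no argument restriction, and nothing in the new text tells the reader to remove that entry once the VPN handles addressing. Suggest adding a sentence that the `/usr/bin/radvd` entry should be dropped when the temporary setup goes away and, where feasible, restricting the allowed arguments in the sudoers entry for both commands. The rewritten sentence "Requiring `sudo` is not a perfect solution" argues that granting `CAP_NET_ADMIN` would let any user change network devices; it would be worth stating that the `NOPASSWD` entry for `ip` gives `youruser` that same ability as root, so the trade-off is explicit. Finally, "the VPN has to manage the internal IP addresses itself" and "a machine that does this" leave open which component is meant (for example `tincd` or a dedicated machine inside the VPN); naming it would make the planned design clearer.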