fpietrosanti
commented
11 years ago Dropping of capabilities could be also done with shell commands, from within the init script
stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-1024-on-l
To further improve the GlobaLeaks security on Linux, this ticket is to drop all the non-required Linux capabilities.
The dropping of capabilities on Linux can be down with PrCtl: http://pythonhosted.org/python-prctl/