From dabafeef18697fbd6d4e7e982798dc5e4836225c Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 20 Jan 2021 12:17:46 -0700 Subject: [PATCH] Support setcap in dev mode (XCADDY_SETCAP) When I first wrote xcaddy I was on macOS which does not require permission to bind to low ports. Now I'm on Linux. The XCADDY_SETCAP env var will cause xcaddy to run setcap on the generated temporary binary before executing it so that it can bind to low ports. This requires sudo. --- README.md | 2 +- cmd/xcaddy/main.go | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 48df5e4..41bfe84 100644 --- a/README.md +++ b/README.md @@ -125,7 +125,7 @@ Because the subcommands and flags are constrained to benefit rapid plugin protot - `CADDY_VERSION` sets the version of Caddy to build. - `XCADDY_RACE_DETECTOR=1` enables the Go race detector in the build. - `XCADDY_SKIP_CLEANUP=1` causes xcaddy to leave build artifacts on disk after exiting. - +- `XCADDY_SETCAP=1` will run `sudo setcap cap_net_bind_service=+ep` on the temporary binary before running it when in dev mode. --- diff --git a/cmd/xcaddy/main.go b/cmd/xcaddy/main.go index f2766e7..6769ae5 100644 --- a/cmd/xcaddy/main.go +++ b/cmd/xcaddy/main.go @@ -223,6 +223,16 @@ func runDev(ctx context.Context, args []string) error { return err } + if os.Getenv("XCADDY_SETCAP") == "1" { + cmd = exec.Command("sudo", "setcap", "cap_net_bind_service=+ep", binOutput) + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + log.Printf("[INFO] Setting capabilities (requires admin privileges): %v", cmd.Args) + if err = cmd.Run(); err != nil { + return err + } + } + log.Printf("[INFO] Running %v\n\n", append([]string{binOutput}, args...)) cmd = exec.Command(binOutput, args...)