Comment by ac29
3 years ago
Are you sure? I set up tailscale recently on Arch and the daemon is definitely running via a systemd system service (not a user service).
3 years ago
I don't know the case for tailscale but systemd system services can definitely be run under a specific user/group and have sandboxing applied.
You can easily override the service unit to confine it to an unprivileged user and then assign the net admin syscap so it can do what it needs to do.
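
A drop-in of the kind the comment above describes, as an added example that is not part of the original thread and is not Tailscale's own configuration. The account name `tailscale-svc` is hypothetical, and it is an assumption (not tested here) that `CAP_NET_ADMIN` alone is enough for the daemon's full feature set.

```ini
# /etc/systemd/system/tailscaled.service.d/override.conf
# Created with: systemctl edit tailscaled.service
[Service]
# Run as a dedicated unprivileged account instead of root.
# "tailscale-svc" is a hypothetical name; create the user and group first.
User=tailscale-svc
Group=tailscale-svc

# Give the non-root process CAP_NET_ADMIN and nothing else.
# AmbientCapabilities passes the capability to a non-root process;
# CapabilityBoundingSet stops it from ever acquiring any other capability.
AmbientCapabilities=CAP_NET_ADMIN
CapabilityBoundingSet=CAP_NET_ADMIN
NoNewPrivileges=yes

# State and runtime directories are created by systemd and owned by User=,
# so the service no longer needs root to write under /var/lib or /run.
StateDirectory=tailscale
RuntimeDirectory=tailscale

# Filesystem sandboxing: read-only OS, no home directories, private /tmp.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes

# Device access limited to the TUN device (setting DeviceAllow= closes the
# device policy to everything not listed, apart from standard pseudo-devices).
DeviceAllow=/dev/net/tun rw

# Kernel surface the daemon should not need to modify.
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
```

After `systemctl daemon-reload` and a restart, `systemd-analyze security tailscaled.service` reports the unit's remaining exposure, and the journal will show permission errors if the daemon needs a capability or path this drop-in withholds.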