KB Article #177465
Unable to use setcap to allow API Gateway to listen on ports < 1024 as non-root when partition is noexec
Problem
* When the API Gateway is run from a noexec partition, setcap is unable to give the gateway permission to use privileged (< 1024) ports as a non-root process.
Resolution
-- The noexec flag prevents the permissions from setcap from taking effect, so the only options are:
- Use port forwarding to remap the ports to high ports (>= 1024). This can be done locally via iptables rules set by root as well as by external network devices.
- Move the gateway to a partition that is not mounted with noexec.
- Run the API Gateway as root (not recommended).