[tingletech]

is that no longer true?

[bhaney]

No, now you have the option of using CAP_NET_BIND_SERVICE

[63stack]

There is also net.ipv4.ip_unprivileged_port_start

[jcgl]

If the application supports it, there’s also systemd socket activation (or traditional inetd sorta stuff too if that fits)

[jcgl]

Forgot to mention: you can use systemd-socket-proxyd to bridge to an application that doesn't support socket activation too: https://www.man7.org/linux/man-pages/man8/systemd-socket-pro...