From c14649aa4593a26c7ca91b62a48d5360dde94cfe Mon Sep 17 00:00:00 2001
From: Brian Picciano <mediocregopher@gmail.com>
Date: Mon, 4 Jul 2022 16:35:16 -0600
Subject: [PATCH] Add 'dont run as root' side quest to roadmap

---
 docs/roadmap.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/docs/roadmap.md b/docs/roadmap.md
index 5626032..f611218 100644
--- a/docs/roadmap.md
+++ b/docs/roadmap.md
@@ -78,6 +78,19 @@ needed would be:
 
 - Rebranding and possibly submitting to Apple app store (bleh).
 
+### Don't run as root
+
+It's currently a pretty hard requirement for `cryptic-net daemon` to run as
+root. This is due to:
+
+- nebula's network interface root to be started.
+
+- dnsmasq listening on port 53, generally a protected port.
+
+If we can't figure out how to get these things running from the start as
+non-privileged users, we at least need to get cryptic-net to drop priveleges
+from root after initial startup.
+
 ### Plugins
 
 It would not be difficult to spec out a plugin system using nix commands.