bgpd,ospfd: add sys_admin capabilities

This capability, when used, is mapped over linux sys_admin capability.
This is necessary from the daemon perspective, in order to handle NETNS
based VRFs, because calling setns() requires sys admin capability.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>

diff --git a/bgpd/bgp_main.c b/bgpd/bgp_main.c
index 82c74e4afa5b971e0531405790096cba255f19d2..30b7afff9280f974d7804e537fa60493d94febfa 100644 (file)
--- a/bgpd/bgp_main.c
+++ b/bgpd/bgp_main.c
@@ -106,7 +106,7 @@ static int retain_mode = 0;
 
 /* privileges */
 static zebra_capabilities_t _caps_p[] = {
-       ZCAP_BIND, ZCAP_NET_RAW, ZCAP_NET_ADMIN,
+       ZCAP_BIND, ZCAP_NET_RAW, ZCAP_NET_ADMIN, ZCAP_SYS_ADMIN
 };
 
 struct zebra_privs_t bgpd_privs = {

diff --git a/ospfd/ospf_main.c b/ospfd/ospf_main.c
index 7bd644f43d676d73c95049e61ad89571348f9ada..8dbf39ef5df9e70bfe8c87e4e1db5188edaadf8b 100644 (file)
--- a/ospfd/ospf_main.c
+++ b/ospfd/ospf_main.c
@@ -55,7 +55,7 @@
 
 /* ospfd privileges */
 zebra_capabilities_t _caps_p[] = {
-       ZCAP_NET_RAW, ZCAP_BIND, ZCAP_NET_ADMIN,
+       ZCAP_NET_RAW, ZCAP_BIND, ZCAP_NET_ADMIN, ZCAP_SYS_ADMIN
 };
 
 struct zebra_privs_t ospfd_privs = {