]> git.puffer.fish Git - matthieu/frr.git/commitdiff
projects / matthieu / frr.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e52a638)
bfdd: add sys_admin capability and net_raw capability
authorPhilippe Guibert <philippe.guibert@6wind.com>
Tue, 26 Mar 2019 07:56:15 +0000 (08:56 +0100)
committerPhilippe Guibert <philippe.guibert@6wind.com>
Tue, 7 May 2019 13:49:39 +0000 (15:49 +0200)
in order to be able to create sockets on separate namespaces, add the
privs setting needed.
the former capability is needed to use SO_BINDTODEVICE option.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bfdd/bfdd.c patch | blob | history

diff --git a/bfdd/bfdd.c b/bfdd/bfdd.c
index 6023b5e4f0a533194727e3ef67f9a2bc9844107d..a7643c13453b7a423c345556c6c8c0c2a96cca45 100644 (file)
--- a/bfdd/bfdd.c
+++ b/bfdd/bfdd.c
@@ -39,7 +39,7 @@ DEFINE_MTYPE(BFDD, BFDD_NOTIFICATION, "short-lived control notification data");
 struct thread_master *master;
 
 /* BFDd privileges */
-static zebra_capabilities_t _caps_p[] = {ZCAP_BIND};
+static zebra_capabilities_t _caps_p[] = {ZCAP_BIND, ZCAP_SYS_ADMIN, ZCAP_NET_RAW};
 
 struct zebra_privs_t bfdd_privs = {
 #if defined(FRR_USER) && defined(FRR_GROUP)
Unnamed repository; edit this file 'description' to name the repository.