[privs/Solaris] Quagga should work in zones with IP instances

2007-09-18  Paul Jakma <paul.jakma@sun.com>

	* privs.c: definition of ZCAP_NET_ADMIN on Solaris should
	  be PRIV_SYS_IP_CONFIG, when that's available. Thus allowing
	  Quagga to work with in Solaris zones with exclusive IP
	  instances.

diff --git a/lib/ChangeLog b/lib/ChangeLog
index 26a251713ee274d795e579838e950d3190b6635f..8125451f8b28c344236c395480c05a88def6442a 100644 (file)
--- a/lib/ChangeLog
+++ b/lib/ChangeLog
@@ -1,3 +1,10 @@
+2007-09-18  Paul Jakma <paul.jakma@sun.com>
+
+       * privs.c: definition of ZCAP_NET_ADMIN on Solaris should
+         be PRIV_SYS_IP_CONFIG, when that's available. Thus allowing
+         Quagga to work with in Solaris zones with exclusive IP
+         instances.
+
 2007-08-21 Denis Ovsienko
 
        * sockopt.[ch]: (setsockopt_so_sendbuf, getsockopt_so_sendbuf):

diff --git a/lib/privs.c b/lib/privs.c
index f4117e2634100b77ade4590f2417b2e0e24c06f2..69606f57c11d8ae8b40b531e1ffa49f2ee10dce3 100644 (file)
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -117,7 +117,12 @@ static struct
   /* Quagga -> Solaris privilege mappings */
   [ZCAP_SETID] =       { 1, (pvalue_t []) { PRIV_PROC_SETID            }, },
   [ZCAP_BIND] =        { 1, (pvalue_t []) { PRIV_NET_PRIVADDR          }, },
+  /* IP_CONFIG is a subset of NET_CONFIG and is allowed in zones */
+#ifdef PRIV_SYS_IP_CONFIG
+  [ZCAP_NET_ADMIN] =   { 1, (pvalue_t []) { PRIV_SYS_IP_CONFIG }, },
+#else
   [ZCAP_NET_ADMIN] =   { 1, (pvalue_t []) { PRIV_SYS_NET_CONFIG        }, },
+#endif
   [ZCAP_NET_RAW] =     { 2, (pvalue_t []) { PRIV_NET_RAWACCESS,
                                              PRIV_NET_ICMPACCESS       }, },
   [ZCAP_CHROOT] =      { 1, (pvalue_t []) { PRIV_PROC_CHROOT           }, },