From: Philippe Guibert <philippe.guibert@6wind.com>
Date: Fri, 2 Mar 2018 14:20:43 +0000 (+0100)
Subject: bgpd,ospfd: add sys_admin capabilities
X-Git-Tag: frr-5.0-dev~192^2
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=4b322ffebb13880f6fc6175acb926c225b07d117;p=matthieu%2Ffrr.git

bgpd,ospfd: add sys_admin capabilities

This capability, when used, is mapped over linux sys_admin capability.
This is necessary from the daemon perspective, in order to handle NETNS
based VRFs, because calling setns() requires sys admin capability.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
---

diff --git a/bgpd/bgp_main.c b/bgpd/bgp_main.c
index 82c74e4afa..30b7afff92 100644
--- a/bgpd/bgp_main.c
+++ b/bgpd/bgp_main.c
@@ -106,7 +106,7 @@ static int retain_mode = 0;
 
 /* privileges */
 static zebra_capabilities_t _caps_p[] = {
-	ZCAP_BIND, ZCAP_NET_RAW, ZCAP_NET_ADMIN,
+	ZCAP_BIND, ZCAP_NET_RAW, ZCAP_NET_ADMIN, ZCAP_SYS_ADMIN
 };
 
 struct zebra_privs_t bgpd_privs = {
diff --git a/ospfd/ospf_main.c b/ospfd/ospf_main.c
index 7bd644f43d..8dbf39ef5d 100644
--- a/ospfd/ospf_main.c
+++ b/ospfd/ospf_main.c
@@ -55,7 +55,7 @@
 
 /* ospfd privileges */
 zebra_capabilities_t _caps_p[] = {
-	ZCAP_NET_RAW, ZCAP_BIND, ZCAP_NET_ADMIN,
+	ZCAP_NET_RAW, ZCAP_BIND, ZCAP_NET_ADMIN, ZCAP_SYS_ADMIN
 };
 
 struct zebra_privs_t ospfd_privs = {