From: Philippe Guibert <philippe.guibert@6wind.com>
Date: Tue, 26 Mar 2019 07:56:15 +0000 (+0100)
Subject: bfdd: add sys_admin capability and net_raw capability
X-Git-Tag: base_7.2~355^2~19
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=4e6b48d3dbd067f633a5d3f8c5d5ef4cb58a03a0;p=matthieu%2Ffrr.git

bfdd: add sys_admin capability and net_raw capability

in order to be able to create sockets on separate namespaces, add the
privs setting needed.
the former capability is needed to use SO_BINDTODEVICE option.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
---

diff --git a/bfdd/bfdd.c b/bfdd/bfdd.c
index 6023b5e4f0..a7643c1345 100644
--- a/bfdd/bfdd.c
+++ b/bfdd/bfdd.c
@@ -39,7 +39,7 @@ DEFINE_MTYPE(BFDD, BFDD_NOTIFICATION, "short-lived control notification data");
 struct thread_master *master;
 
 /* BFDd privileges */
-static zebra_capabilities_t _caps_p[] = {ZCAP_BIND};
+static zebra_capabilities_t _caps_p[] = {ZCAP_BIND, ZCAP_SYS_ADMIN, ZCAP_NET_RAW};
 
 struct zebra_privs_t bfdd_privs = {
 #if defined(FRR_USER) && defined(FRR_GROUP)