From 4b322ffebb13880f6fc6175acb926c225b07d117 Mon Sep 17 00:00:00 2001
From: Philippe Guibert <philippe.guibert@6wind.com>
Date: Fri, 2 Mar 2018 15:20:43 +0100
Subject: [PATCH] bgpd,ospfd: add sys_admin capabilities

This capability, when used, is mapped over linux sys_admin capability.
This is necessary from the daemon perspective, in order to handle NETNS
based VRFs, because calling setns() requires sys admin capability.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
---
 bgpd/bgp_main.c   | 2 +-
 ospfd/ospf_main.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/bgpd/bgp_main.c b/bgpd/bgp_main.c
index 82c74e4afa..30b7afff92 100644
--- a/bgpd/bgp_main.c
+++ b/bgpd/bgp_main.c
@@ -106,7 +106,7 @@ static int retain_mode = 0;
 
 /* privileges */
 static zebra_capabilities_t _caps_p[] = {
-	ZCAP_BIND, ZCAP_NET_RAW, ZCAP_NET_ADMIN,
+	ZCAP_BIND, ZCAP_NET_RAW, ZCAP_NET_ADMIN, ZCAP_SYS_ADMIN
 };
 
 struct zebra_privs_t bgpd_privs = {
diff --git a/ospfd/ospf_main.c b/ospfd/ospf_main.c
index 7bd644f43d..8dbf39ef5d 100644
--- a/ospfd/ospf_main.c
+++ b/ospfd/ospf_main.c
@@ -55,7 +55,7 @@
 
 /* ospfd privileges */
 zebra_capabilities_t _caps_p[] = {
-	ZCAP_NET_RAW, ZCAP_BIND, ZCAP_NET_ADMIN,
+	ZCAP_NET_RAW, ZCAP_BIND, ZCAP_NET_ADMIN, ZCAP_SYS_ADMIN
 };
 
 struct zebra_privs_t ospfd_privs = {
-- 
2.39.5