lib/privs: Don't use CAP_NET_BROADCAST

From what I can tell, CAP_NET_BROADCAST has never been required for any functionality in the Linux kernel, so we do not really need it. However, it causes breakage in contexts where Quagga is started with a limited set of capabilities, e.g. in Docker, because these may not include CAP_NET_BROADCAST and in the case of Docker do not even support adding CAP_NET_BROADCAST. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
author: Christian Franke <nobody@nowhere.ws> 2015-05-13 13:59:18 +0200
committer: Donald Sharp <sharpd@cumulusnetworks.com> 2016-04-08 20:32:02 -0400
commit: 1b32203911d5d0fe6197019f2e25027f5a5f2ad4 (patch)
tree: f7726e8025979f2e48e4d37942b059e6b4bbea24 /lib/privs.c
parent: 0b16a517f41acef8477c9526f799a2c18a433a82 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/privs.c b/lib/privs.c
index 3355f24a73..8cfd8dfd5e 100644
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -102,8 +102,7 @@ static struct
 #ifdef HAVE_LCAPS /* Quagga -> Linux capabilities mappings */
   [ZCAP_SETID] = 	{ 2, (pvalue_t []) { CAP_SETGID,
                                              CAP_SETUID 		}, },
-  [ZCAP_BIND] =		{ 2, (pvalue_t []) { CAP_NET_BIND_SERVICE,
-                                             CAP_NET_BROADCAST 		}, },
+  [ZCAP_BIND] =		{ 2, (pvalue_t []) { CAP_NET_BIND_SERVICE	}, },
   [ZCAP_NET_ADMIN] =	{ 1, (pvalue_t []) { CAP_NET_ADMIN		}, },
   [ZCAP_NET_RAW] = 	{ 1, (pvalue_t []) { CAP_NET_RAW		}, },
   [ZCAP_CHROOT] = 	{ 1, (pvalue_t []) { CAP_SYS_CHROOT,		}, },
author	Christian Franke <nobody@nowhere.ws>	2015-05-13 13:59:18 +0200
committer	Donald Sharp <sharpd@cumulusnetworks.com>	2016-04-08 20:32:02 -0400
commit	1b32203911d5d0fe6197019f2e25027f5a5f2ad4 (patch)
tree	f7726e8025979f2e48e4d37942b059e6b4bbea24 /lib/privs.c
parent	0b16a517f41acef8477c9526f799a2c18a433a82 (diff)