[PATCH 2/2] main: add capabilities for phonet

Tuesday, 2 November 2010

Phonet sockets require CAP_SYS_ADMIN and SO_BINDTODEVICE socket
option requires CAP_NET_RAW.
---
 src/main.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/main.c b/src/main.c
index 93149bc..eca008e 100644
--- a/src/main.c
+++ b/src/main.c
@@ -140,7 +140,8 @@ int main(int argc, char **argv)
 	/* Drop capabilities */
 	capng_clear(CAPNG_SELECT_BOTH);
 	capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
-				CAP_NET_BIND_SERVICE, CAP_NET_ADMIN, -1);
+				CAP_NET_BIND_SERVICE, CAP_NET_ADMIN,
+				CAP_NET_RAW, CAP_SYS_ADMIN, -1);
 	capng_apply(CAPNG_SELECT_BOTH);
 #endif
 
-- 
1.7.0.4


    

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[PATCH 2/2] main: add capabilities for phonet