proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-06-14 13:22:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

lib/privs: Don't use CAP_NET_BROADCAST

Browse Source 
From what I can tell, CAP_NET_BROADCAST has never been required for any
functionality in the Linux kernel, so we do not really need it.

However, it causes breakage in contexts where Quagga is started with a
limited set of capabilities, e.g. in Docker, because these may not
include CAP_NET_BROADCAST and in the case of Docker do not even support
adding CAP_NET_BROADCAST.

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This commit is contained in:
Christian Franke 2015-05-13 13:59:18 +02:00 committed by Donald Sharp
parent 0b16a517f4
commit 1b32203911
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/privs.c
View File

@ -102,8 +102,7 @@ static struct
#ifdef HAVE_LCAPS /* Quagga -> Linux capabilities mappings */
[ZCAP_SETID] = { 2, (pvalue_t []) { CAP_SETGID,
CAP_SETUID }, },
[ZCAP_BIND] = { 2, (pvalue_t []) { CAP_NET_BIND_SERVICE,
CAP_NET_BROADCAST }, },
[ZCAP_BIND] = { 2, (pvalue_t []) { CAP_NET_BIND_SERVICE }, },
[ZCAP_NET_ADMIN] = { 1, (pvalue_t []) { CAP_NET_ADMIN }, },
[ZCAP_NET_RAW] = { 1, (pvalue_t []) { CAP_NET_RAW }, },
[ZCAP_CHROOT] = { 1, (pvalue_t []) { CAP_SYS_CHROOT, }, },