bfdd: add sys_admin capability and net_raw capability

in order to be able to create sockets on separate namespaces, add the privs setting needed. the former capability is needed to use SO_BINDTODEVICE option. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
2025-08-06 12:52:49 +00:00 · 2019-03-26 08:56:15 +01:00 · 2019-03-26 08:56:15 +01:00 · 4e6b48d3db
commit 4e6b48d3db
parent e52a638341
1 changed files with 1 additions and 1 deletions
--- a/bfdd/bfdd.c
+++ b/bfdd/bfdd.c
@ -39,7 +39,7 @@ DEFINE_MTYPE(BFDD, BFDD_NOTIFICATION, "short-lived control notification data");
 struct thread_master *master;

 /* BFDd privileges */
-static zebra_capabilities_t _caps_p[] = {ZCAP_BIND};
+static zebra_capabilities_t _caps_p[] = {ZCAP_BIND, ZCAP_SYS_ADMIN, ZCAP_NET_RAW};

 struct zebra_privs_t bfdd_privs = {
 #if defined(FRR_USER) && defined(FRR_GROUP)