[privs/Solaris] Quagga should work in zones with IP instances

2007-09-18 Paul Jakma <paul.jakma@sun.com> * privs.c: definition of ZCAP_NET_ADMIN on Solaris should be PRIV_SYS_IP_CONFIG, when that's available. Thus allowing Quagga to work with in Solaris zones with exclusive IP instances.
2025-08-05 20:07:46 +00:00 · 2007-09-18 18:07:18 +00:00 · 2007-09-18 18:07:18 +00:00 · 6b148faa29
commit 6b148faa29
parent e08286bcf8
2 changed files with 12 additions and 0 deletions
--- a/lib/ChangeLog
+++ b/lib/ChangeLog
@ -1,3 +1,10 @@
+2007-09-18  Paul Jakma <paul.jakma@sun.com>
+
+	* privs.c: definition of ZCAP_NET_ADMIN on Solaris should
+	  be PRIV_SYS_IP_CONFIG, when that's available. Thus allowing
+	  Quagga to work with in Solaris zones with exclusive IP
+	  instances.
+
 2007-08-21 Denis Ovsienko

 	* sockopt.[ch]: (setsockopt_so_sendbuf, getsockopt_so_sendbuf):
--- a/lib/privs.c
+++ b/lib/privs.c
@ -117,7 +117,12 @@ static struct
  /* Quagga -> Solaris privilege mappings */
  [ZCAP_SETID] =	{ 1, (pvalue_t []) { PRIV_PROC_SETID		}, },
  [ZCAP_BIND] = 	{ 1, (pvalue_t []) { PRIV_NET_PRIVADDR		}, },
+  /* IP_CONFIG is a subset of NET_CONFIG and is allowed in zones */
+#ifdef PRIV_SYS_IP_CONFIG
+  [ZCAP_NET_ADMIN] =	{ 1, (pvalue_t []) { PRIV_SYS_IP_CONFIG	}, },
+#else
  [ZCAP_NET_ADMIN] =	{ 1, (pvalue_t []) { PRIV_SYS_NET_CONFIG	}, },
+#endif
  [ZCAP_NET_RAW] = 	{ 2, (pvalue_t []) { PRIV_NET_RAWACCESS,
                                             PRIV_NET_ICMPACCESS 	}, },
  [ZCAP_CHROOT] = 	{ 1, (pvalue_t []) { PRIV_PROC_CHROOT		}, },