authorPawel Wieczorkiewicz <pwieczorkiewicz@suse.de>2015-10-06 15:35:41 +0200
committerJiri Pirko <jiri@resnulli.us>2015-10-06 16:03:50 +0200
commit49fa51c1e486a7b998840fd90e45926029c2a607 (patch)
tree8f01674d698516176bdfd6c356ea1ebae0e9e8d8
parente18689c59f5143be07ff47189f27d7cddac76046 (diff)
downloadlibteam-49fa51c1e486a7b998840fd90e45926029c2a607.tar.gz
teamd: add CAP_NET_RAW capability for LACP packet sockets
The CAP_NET_RAW capability is needed in order to facilitate socket(PF_PACKET...) calls (see: packet(7)), which are used within teamd_packet_sock_open() function. Without the CAP_NET_RAW capability, teamd running as non-root user is unable to add lacp ports. Signed-off-by: Pawel Wieczorkiewicz <pwieczorkiewicz@suse.de> Signed-off-by: Jiri Pirko <jiri@resnulli.us>
-rw-r--r--teamd/teamd.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/teamd/teamd.c b/teamd/teamd.c
index 391b981..aac2511 100644
--- a/teamd/teamd.c
+++ b/teamd/teamd.c
@@ -1681,7 +1681,7 @@ static void teamd_context_fini(struct teamd_context *ctx)
static int teamd_drop_privileges()
{
- cap_value_t cv[] = {CAP_NET_ADMIN, CAP_NET_BIND_SERVICE};
+ cap_value_t cv[] = {CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_NET_RAW};
cap_t my_caps;
struct passwd *pw = NULL;
struct group *grpent = NULL;
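Review bot: CAP_NET_RAW is now retained by every teamd instance that drops privileges, whether or not the configured runner ever opens a packet socket, and the `cv` initializer has no comment saying why each capability is kept. The commit message ties the capability to socket(PF_PACKET...) in teamd_packet_sock_open(); recording that next to the array, e.g. `/* CAP_NET_RAW: PF_PACKET sockets in teamd_packet_sock_open() (LACP ports) */`, would help a later audit of the retained set. If the runner type is already known at this point (not visible in the hunk), the capability could be added only when it is needed. The body of teamd_drop_privileges() continues outside the hunk.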
@@ -1731,9 +1731,9 @@ static int teamd_drop_privileges()
if ((my_caps = cap_init()) == NULL)
goto error;
- if (cap_set_flag(my_caps, CAP_EFFECTIVE, 2, cv, CAP_SET) < 0)
+ if (cap_set_flag(my_caps, CAP_EFFECTIVE, ARRAY_SIZE(cv), cv, CAP_SET) < 0)
goto error;
- if (cap_set_flag(my_caps, CAP_PERMITTED, 2, cv, CAP_SET) < 0)
+ if (cap_set_flag(my_caps, CAP_PERMITTED, ARRAY_SIZE(cv), cv, CAP_SET) < 0)
goto error;
if (cap_set_proc(my_caps) < 0)
goto error;
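Review bot: Both cap_set_flag() calls put the whole `cv` array, now including CAP_NET_RAW, into the effective set as well as the permitted set, so the unprivileged daemon holds the raw-socket capability for its entire lifetime. A tighter arrangement would keep CAP_NET_RAW in CAP_PERMITTED only and raise it in CAP_EFFECTIVE just around the socket() call in teamd_packet_sock_open(), lowering it again afterwards; that would need a separate, shorter array for the CAP_EFFECTIVE call here. The function starts and ends outside this hunk, so how the rest of the privilege drop is ordered cannot be checked from these lines.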