From: Christian Franke <[email protected]>

From what I can tell, CAP_NET_BROADCAST has never been required for any
functionality in the Linux kernel, so we do not really need it.

However, it causes breakage in contexts where Quagga is started with a
limited set of capabilities, e.g. in Docker, because these may not
include CAP_NET_BROADCAST and in the case of Docker do not even support
adding CAP_NET_BROADCAST.
---
 lib/privs.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/privs.c b/lib/privs.c
index 3355f24..8cfd8df 100644
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -102,8 +102,7 @@ static struct
 #ifdef HAVE_LCAPS /* Quagga -> Linux capabilities mappings */
   [ZCAP_SETID] =       { 2, (pvalue_t []) { CAP_SETGID,
                                              CAP_SETUID                }, },
-  [ZCAP_BIND] =                { 2, (pvalue_t []) { CAP_NET_BIND_SERVICE,
-                                             CAP_NET_BROADCAST                 
}, },
+  [ZCAP_BIND] =                { 2, (pvalue_t []) { CAP_NET_BIND_SERVICE       
}, },
   [ZCAP_NET_ADMIN] =   { 1, (pvalue_t []) { CAP_NET_ADMIN              }, },
   [ZCAP_NET_RAW] =     { 1, (pvalue_t []) { CAP_NET_RAW                }, },
   [ZCAP_CHROOT] =      { 1, (pvalue_t []) { CAP_SYS_CHROOT,            }, },
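Review bot: the new ZCAP_BIND entry still declares a count of 2, but its array now holds only CAP_NET_BIND_SERVICE. Code that walks this mapping using the stored count would read one pvalue_t past the end of the array and could treat that stray value as a capability to request. Change the count to 1, as in the single-element ZCAP_NET_ADMIN and ZCAP_NET_RAW entries below it.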
-- 
2.0.0.rc2

