From 1bc2695744c729804af32d48ce68854cba4de8f7 Mon Sep 17 00:00:00 2001
From: Ondrej Zajicek <santiago@crfreenet.org>
Date: Tue, 10 May 2011 02:42:17 +0200
Subject: Allows run with restricted privileges.

Adds option -u and -g to specify user and group.
When different user (than root) is specified,
linux capabilities CAP_NET_* are kept.
---
 sysdep/cf/README | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'sysdep/cf/README')

diff --git a/sysdep/cf/README b/sysdep/cf/README
index 15a45a6..3b5bcd4 100644
--- a/sysdep/cf/README
+++ b/sysdep/cf/README
@@ -6,6 +6,7 @@ CONFIG_SELF_CONSCIOUS	We're able to recognize whether route was installed by us
 CONFIG_MULTIPLE_TABLES	The kernel supports multiple routing tables
 CONFIG_ALL_TABLES_AT_ONCE	Kernel scanner wants to process all tables at once
 CONFIG_MC_PROPER_SRC	Multicast packets have source address according to socket saddr field
+CONFIG_RESTRICTED_PRIVILEGES	Implements restricted privileges using drop_uid()
 
 CONFIG_UNIX_IFACE	Use Unix interface scanner
 CONFIG_UNIX_SET		Use Unix route setting
@@ -19,3 +20,4 @@ CONFIG_UNNUM_MULTICAST	krt-iface: We support multicasts on unnumbered PtP device
 CONFIG_LINUX_MC_MREQN	Linux: Use struct mreqn for multicasting
 CONFIG_LINUX_MC_MREQ	Linux: Use struct mreq
 CONFIG_LINUX_MC_MREQ_BIND	Linux: Use struct mreq and SO_BINDTODEVICE
+
-- 
cgit v1.2.3