From 1bc2695744c729804af32d48ce68854cba4de8f7 Mon Sep 17 00:00:00 2001
From: Ondrej Zajicek
Date: Tue, 10 May 2011 02:42:17 +0200
Subject: Allows run with restricted privileges. Adds option -u and -g to specify user and group. When different user (than root) is specified, linux capabilities CAP_NET_* are kept.
---
 sysdep/cf/README | 2 ++
 sysdep/cf/linux-22.h | 2 ++
 sysdep/cf/linux-v6.h | 2 ++
 3 files changed, 6 insertions(+)
(limited to 'sysdep/cf')
diff --git a/sysdep/cf/README b/sysdep/cf/README
index 15a45a6..3b5bcd4 100644
--- a/sysdep/cf/README
+++ b/sysdep/cf/README
@@ -6,6 +6,7 @@ CONFIG_SELF_CONSCIOUS We're able to recognize whether route was installed by us
 CONFIG_MULTIPLE_TABLES The kernel supports multiple routing tables
 CONFIG_ALL_TABLES_AT_ONCE Kernel scanner wants to process all tables at once
 CONFIG_MC_PROPER_SRC Multicast packets have source address according to socket saddr field
+CONFIG_RESTRICTED_PRIVILEGES Implements restricted privileges using drop_uid()
 CONFIG_UNIX_IFACE Use Unix interface scanner
 CONFIG_UNIX_SET Use Unix route setting
@@ -19,3 +20,4 @@ CONFIG_UNNUM_MULTICAST krt-iface: We support multicasts on unnumbered PtP device
 CONFIG_LINUX_MC_MREQN Linux: Use struct mreqn for multicasting
 CONFIG_LINUX_MC_MREQ Linux: Use struct mreq
 CONFIG_LINUX_MC_MREQ_BIND Linux: Use struct mreq and SO_BINDTODEVICE
+
diff --git a/sysdep/cf/linux-22.h b/sysdep/cf/linux-22.h
index 9ccab64..51b339d 100644
--- a/sysdep/cf/linux-22.h
+++ b/sysdep/cf/linux-22.h
@@ -17,6 +17,8 @@
 #define CONFIG_LINUX_MC_MREQN
 #define CONFIG_UNIX_DONTROUTE
+#define CONFIG_RESTRICTED_PRIVILEGES
+
 /*
 Link: sysdep/linux/netlink
 Link: sysdep/linux
diff --git a/sysdep/cf/linux-v6.h b/sysdep/cf/linux-v6.h
index ef52ee4..467d772 100644
--- a/sysdep/cf/linux-v6.h
+++ b/sysdep/cf/linux-v6.h
@@ -19,6 +19,8 @@
 #define CONFIG_MULTIPLE_TABLES
 #define CONFIG_ALL_TABLES_AT_ONCE
+#define CONFIG_RESTRICTED_PRIVILEGES
+
 /*
 Link: sysdep/linux/netlink
 Link: sysdep/linux
-- cgit v1.2.3
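Review bot: The `#define CONFIG_RESTRICTED_PRIVILEGES` added in the sysdep/cf/linux-22.h hunk, and again in sysdep/cf/linux-v6.h, has no comment saying what it switches on, so its security role can only be learned from the README line. I would put a one-line comment above it in both headers, for example `/* drop_uid() available: -u/-g run as another user, keeping CAP_NET_* */`. This view is limited to sysdep/cf, so the code that tests the macro is not shown; it is worth confirming there that a build without the define rejects -u and -g with an error rather than accepting them and continuing to run as root.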