diff options
author | Matthias Schiffer <mschiffer@universe-factory.net> | 2016-02-22 21:29:04 +0100 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2016-02-22 21:29:04 +0100 |
commit | 55aa537fb54a9c01820d4638babccdc8f8a0ef04 (patch) | |
tree | d5081deaaed2d60a851999d772dcb86d1b04aac8 /src/capabilities.c | |
parent | 69c830f36376058df238bda39d15d42a0507af53 (diff) | |
download | fastd-55aa537fb54a9c01820d4638babccdc8f8a0ef04.tar fastd-55aa537fb54a9c01820d4638babccdc8f8a0ef04.zip |
Add "drop privileges force" option which allows to drop CAP_NET_ADMIN even when fastd thinks it might still need it
Diffstat (limited to 'src/capabilities.c')
-rw-r--r-- | src/capabilities.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/capabilities.c b/src/capabilities.c index 1feabba..f72b7f9 100644 --- a/src/capabilities.c +++ b/src/capabilities.c @@ -76,7 +76,7 @@ static void try_cap(cap_value_t cap) { /** Returns true if CAP_NET_ADMIN should be retained */ static bool need_cap_net_admin(void) { - return !fastd_config_persistent_ifaces(); + return !fastd_config_persistent_ifaces() && conf.drop_caps != DROP_CAPS_FORCE; } /** Returns true if CAP_NET_RAW should be retained */ |