Add "drop privileges force" option which allows to drop CAP_NET_ADMIN even when fastd thinks it might still need it

author: Matthias Schiffer <mschiffer@universe-factory.net> 2016-02-22 21:29:04 +0100
committer: Matthias Schiffer <mschiffer@universe-factory.net> 2016-02-22 21:29:04 +0100
commit: 55aa537fb54a9c01820d4638babccdc8f8a0ef04 (patch)
tree: d5081deaaed2d60a851999d772dcb86d1b04aac8 /src/capabilities.c
parent: 69c830f36376058df238bda39d15d42a0507af53 (diff)
download: fastd-55aa537fb54a9c01820d4638babccdc8f8a0ef04.tar
fastd-55aa537fb54a9c01820d4638babccdc8f8a0ef04.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/capabilities.c b/src/capabilities.c
index 1feabba..f72b7f9 100644
--- a/src/capabilities.c
+++ b/src/capabilities.c
@@ -76,7 +76,7 @@ static void try_cap(cap_value_t cap) {
 
 /** Returns true if CAP_NET_ADMIN should be retained */
 static bool need_cap_net_admin(void) {
-	return !fastd_config_persistent_ifaces();
+	return !fastd_config_persistent_ifaces() && conf.drop_caps != DROP_CAPS_FORCE;
 }
 
 /** Returns true if CAP_NET_RAW should be retained */
author	Matthias Schiffer <mschiffer@universe-factory.net>	2016-02-22 21:29:04 +0100
committer	Matthias Schiffer <mschiffer@universe-factory.net>	2016-02-22 21:29:04 +0100
commit	55aa537fb54a9c01820d4638babccdc8f8a0ef04 (patch)
tree	d5081deaaed2d60a851999d772dcb86d1b04aac8 /src/capabilities.c
parent	69c830f36376058df238bda39d15d42a0507af53 (diff)
download	fastd-55aa537fb54a9c01820d4638babccdc8f8a0ef04.tar fastd-55aa537fb54a9c01820d4638babccdc8f8a0ef04.zip