From 55aa537fb54a9c01820d4638babccdc8f8a0ef04 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 22 Feb 2016 21:29:04 +0100 Subject: Add "drop privileges force" option which allows to drop CAP_NET_ADMIN even when fastd thinks it might still need it --- src/config.y | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/config.y') diff --git a/src/config.y b/src/config.y index a064d97..2e111ff 100644 --- a/src/config.y +++ b/src/config.y @@ -84,6 +84,7 @@ %token TOK_ESTABLISH %token TOK_FATAL %token TOK_FLOAT +%token TOK_FORCE %token TOK_FORWARD %token TOK_FROM %token TOK_GROUP @@ -244,6 +245,9 @@ drop_capabilities_enabled: TOK_EARLY { $$ = DROP_CAPS_EARLY; } + | TOK_FORCE { + $$ = DROP_CAPS_FORCE; + } | boolean { $$ = $1 ? DROP_CAPS_ON : DROP_CAPS_OFF; } -- cgit v1.2.3