From aac5eefccd859e5bed50a3772d90f20d46c575fa Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Mon, 22 Feb 2016 21:51:31 +0100
Subject: Retain CAP_NET_ADMIN if a packet mark is configured and dynamic binds
 are required

---
 src/types.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/types.h')

diff --git a/src/types.h b/src/types.h
index 0792e1b..523efa2 100644
--- a/src/types.h
+++ b/src/types.h
@@ -74,7 +74,7 @@ typedef enum fastd_drop_caps {
 	DROP_CAPS_OFF,		/**< The capabilities aren't dropped at all */
 	DROP_CAPS_ON,		/**< The capabilities are dropped after executing the on-up command */
 	DROP_CAPS_EARLY,	/**< The capabilities are dropped before executing the on-up command */
-	DROP_CAPS_FORCE,        /**< The capabilities are dropped before executing the on-up command; CAP_NET_ADMIN is always dropped */
+	DROP_CAPS_FORCE,        /**< The capabilities are dropped before executing the on-up command; CAP_NET_ADMIN is dropped even when TUN/TAP interfaces need to be opened */
 } fastd_drop_caps_t;
 
 /** Types of file descriptors to poll on */
-- 
cgit v1.2.3