Set cap_net_admin capability when Squid sets TOS/Diffserv packet values.
authorChristos Tsantilas <chtsanti@users.sourceforge.net>
Thu, 22 Jan 2015 11:02:31 +0000 (13:02 +0200)
committerChristos Tsantilas <chtsanti@users.sourceforge.net>
Thu, 22 Jan 2015 11:02:31 +0000 (13:02 +0200)
In capabilities-capable environments (e.g., Linux with libcap), CAP_NET_ADMIN
capability is required to honor clientside_tos and tcp_outgoing_tos
directives. The code was setting that capability when Netfilter marks or
tproxy was enabled, but missed the clientside_tos and tcp_outgoing_tos cases.

This is a Measurement Factory project

src/tools.cc

index bddc09e348c12763de95e1a05ae24f925f9dc649..e4668c5c8faec6594d9d4abe997ffea3554d60b5 100644 (file)
@@ -1197,7 +1197,10 @@ restoreCapabilities(bool keep)
         cap_value_t cap_list[10];
         cap_list[ncaps] = CAP_NET_BIND_SERVICE;
         ++ncaps;
-        if (Ip::Interceptor.TransparentActive() || Ip::Qos::TheConfig.isHitNfmarkActive() || Ip::Qos::TheConfig.isAclNfmarkActive()) {
+        if (Ip::Interceptor.TransparentActive() ||
+            Ip::Qos::TheConfig.isHitNfmarkActive() ||
+            Ip::Qos::TheConfig.isAclNfmarkActive() ||
+            Ip::Qos::TheConfig.isAclTosActive()) {
             cap_list[ncaps] = CAP_NET_ADMIN;
             ++ncaps;
         }
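Review bot: The widened condition in front of `cap_list[ncaps] = CAP_NET_ADMIN;` carries no comment saying why each of the four features needs the capability, and CAP_NET_ADMIN is a broad grant (interface, routing and firewall configuration), so every extra trigger enlarges what the process keeps in its capability set. I would add above the `if`: `// Keep CAP_NET_ADMIN only for TPROXY, Netfilter marks and TOS ACLs; it is broad, so add new cases sparingly.` On Linux, ip(7) says only some high-priority IP_TOS levels may require this capability, so it may be possible to retain it only when a configured TOS value needs it; that depends on the configured values, which are not visible here. The description names both clientside_tos and tcp_outgoing_tos, and the hunk does not show whether `isAclTosActive()` covers both. restoreCapabilities() starts and ends outside the hunk.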