Issue 1491: fix capabilities for pf_ring mode when running under non-root account

author Alexander Gozman <a.gozman@securitycode.ru>

Fri, 26 Jun 2015 08:38:59 +0000 (11:38 +0300)

committer Victor Julien <victor@inliniac.net>

Mon, 6 Jul 2015 09:31:09 +0000 (11:31 +0200)
author Alexander Gozman <a.gozman@securitycode.ru>
Fri, 26 Jun 2015 08:38:59 +0000 (11:38 +0300)
committer Victor Julien <victor@inliniac.net>
Mon, 6 Jul 2015 09:31:09 +0000 (11:31 +0200)
diff --git a/src/util-privs.c b/src/util-privs.c

index 2048d12ac6fa06f1866dbce61a5995724c1387b0..635247c3e5906c45346df7ec1a38316d9ac92adb 100644 (file)
--- a/src/util-privs.c
+++ b/src/util-privs.c
@@ -80,7 +80,7 @@ void SCDropMainThreadCaps(uint32_t userid, uint32_t groupid)
              break;
          case RUNMODE_PFRING:
              capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-                    CAP_NET_ADMIN,
+                    CAP_NET_ADMIN, CAP_NET_RAW,
                      -1);
              break;
          case RUNMODE_NFQ:
author	Alexander Gozman <a.gozman@securitycode.ru>
	Fri, 26 Jun 2015 08:38:59 +0000 (11:38 +0300)
committer	Victor Julien <victor@inliniac.net>
	Mon, 6 Jul 2015 09:31:09 +0000 (11:31 +0200)