BUG/MINOR: cfgparse-tcp: relax namespace bind check

Commit 5cbb278 introduced cap_sys_admin support, and enforced checks for
both binds and servers. However, when binding into a namespace, the bind
is done before dropping privileges. Hence, checking that we have
cap_sys_admin capability set in this case is not needed (and it would
decrease security to add it).
For users starting haproxy with other user than root and without
cap_sys_admin, bind should have already failed.
As a consequence, relax runtime check for binds into a namespace.

diff --git a/src/cfgparse-tcp.c b/src/cfgparse-tcp.c
index 2c214f3d823ea1600438a3d8878d703c6f4f4d18..e60a18a54f67664491d554f320628e8a00c99888 100644 (file)
--- a/src/cfgparse-tcp.c
+++ b/src/cfgparse-tcp.c
@@ -173,7 +173,6 @@ static int bind_parse_namespace(char **args, int cur_arg, struct proxy *px, stru
                ha_alert("Cannot open namespace '%s'.\n", args[cur_arg + 1]);
                return ERR_ALERT | ERR_FATAL;
        }
-       global.last_checks |= LSTCHK_SYSADM;
 
        return 0;
 }