Modify the capability-dropping logic to specifically retain CAP_NET_ADMIN if it
is initially provided, in adherence to least-privilege principles.
Details:
1. Update the `drop_excess_capabilities` function to only drop capabilities that
are unnecessary, retaining CAP_NET_ADMIN when needed for setting the socket
mark.
2. Introduce logic in `set_socket_mark` to temporarily elevate CAP_NET_ADMIN
into the effective set for the duration of the packet mark setting
operation.
projects / thirdparty / mtr.git / commit
