privs: add capability CAP_SYS_NICE.

author Jason Ish <ish@unx.ca>

Mon, 13 Jun 2016 18:44:28 +0000 (12:44 -0600)

committer Victor Julien <victor@inliniac.net>

Mon, 20 Jun 2016 16:03:38 +0000 (18:03 +0200)
author Jason Ish <ish@unx.ca>
Mon, 13 Jun 2016 18:44:28 +0000 (12:44 -0600)
committer Victor Julien <victor@inliniac.net>
Mon, 20 Jun 2016 16:03:38 +0000 (18:03 +0200)
diff --git a/src/util-privs.c b/src/util-privs.c

index e6e3d6c591a8baf9c33ca20bd6a50d05e4ddf344..9b2a0058f6f3b937e49e739c4cebafb561ade710 100644 (file)
--- a/src/util-privs.c
+++ b/src/util-privs.c
@@ -76,16 +76,18 @@ void SCDropMainThreadCaps(uint32_t userid, uint32_t groupid)
          case RUNMODE_AFP_DEV:
              capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
                      CAP_NET_RAW,            /* needed for pcap live mode */
+                    CAP_SYS_NICE,
                      -1);
              break;
          case RUNMODE_PFRING:
              capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-                    CAP_NET_ADMIN, CAP_NET_RAW,
+                    CAP_NET_ADMIN, CAP_NET_RAW, CAP_SYS_NICE,
                      -1);
              break;
          case RUNMODE_NFQ:
              capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
                      CAP_NET_ADMIN,          /* needed for nfqueue inline mode */
+                    CAP_SYS_NICE,
                      -1);
              break;
      }
author	Jason Ish <ish@unx.ca>
	Mon, 13 Jun 2016 18:44:28 +0000 (12:44 -0600)
committer	Victor Julien <victor@inliniac.net>
	Mon, 20 Jun 2016 16:03:38 +0000 (18:03 +0200)