From: Jason Ish <jason.ish@oisf.net>
Date: Thu, 26 Sep 2024 17:08:57 +0000 (-0600)
Subject: threads: don't drop capabilities for packet threads
X-Git-Tag: suricata-8.0.0-beta1~837
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b6f709331878da4ecbd1a155f00da7e61289b92;p=thirdparty%2Fsuricata.git

threads: don't drop capabilities for packet threads

Remove the call to SCDropCaps for packet processing threads. This
logic in this function is required to setup packet processing even
when the thread is provided by a library user, in which case Suricata
should not be touching is capabilities.

As SCDropCaps is currently a no-op its clear this feature needs to
be (re)designed properly, taking into consideration library users as
well.

Related ticket: https://redmine.openinfosecfoundation.org/issues/2375
---

diff --git a/src/tm-threads.c b/src/tm-threads.c
index cd9bf6df1f..2c01bd6039 100644
--- a/src/tm-threads.c
+++ b/src/tm-threads.c
@@ -240,8 +240,6 @@ static void *TmThreadsSlotPktAcqLoop(void *td)
     if (tv->thread_setup_flags != 0)
         TmThreadSetupOptions(tv);
 
-    /* Drop the capabilities for this thread */
-    SCDropCaps(tv);
     CaptureStatsSetup(tv);
     PacketPoolInit();