From: Jason Ish
Date: Mon, 13 Jun 2016 18:44:28 +0000 (-0600)
Subject: privs: add capability CAP_SYS_NICE.
X-Git-Tag: suricata-3.1.1~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f0e22c91cb23415d3c095b016040d7bb7542c4a7;p=thirdparty%2Fsuricata.git
privs: add capability CAP_SYS_NICE.
Allows the setting of thread priorities after dropping privileges.
---
diff --git a/src/util-privs.c b/src/util-privs.c
index e6e3d6c591..9b2a0058f6 100644
--- a/src/util-privs.c
+++ b/src/util-privs.c
@@ -76,16 +76,18 @@ void SCDropMainThreadCaps(uint32_t userid, uint32_t groupid)
 case RUNMODE_AFP_DEV:
 capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
 CAP_NET_RAW, /* needed for pcap live mode */
+ CAP_SYS_NICE,
 -1);
 break;
 case RUNMODE_PFRING:
 capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
- CAP_NET_ADMIN, CAP_NET_RAW,
+ CAP_NET_ADMIN, CAP_NET_RAW, CAP_SYS_NICE,
 -1);
 break;
 case RUNMODE_NFQ:
 capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
 CAP_NET_ADMIN, /* needed for nfqueue inline mode */
+ CAP_SYS_NICE,
 -1);
 break;
 }
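Review bot: CAP_SYS_NICE is added to both the effective and permitted sets in all three `capng_updatev` calls unconditionally, and without the inline rationale that the neighbouring capabilities carry. Per capabilities(7) it covers more than lowering the caller's own nice value (real-time scheduling policies, and priority and CPU-affinity changes on other processes), so it widens what the process retains after the privilege drop. I would annotate each new line, e.g. `CAP_SYS_NICE, /* needed to set thread priorities after the drop */`, and consider adding the capability only when the configuration actually requests thread priorities or affinity; whether that is known at this point cannot be seen from the hunk. The enclosing switch in SCDropMainThreadCaps starts above the hunk, so any other run modes it handles are not visible here.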