git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Timo Rothenpieler <timo@rothenpieler.org>
	Sat, 14 May 2022 10:37:17 +0000 (12:37 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Thu, 11 Aug 2022 09:59:08 +0000 (11:59 +0200)
commit	2e359a088226ab1e5ee41fbab27d38d8a8d192ac
tree	91b963457a49009d7cff6a6c0dd2142e8c9cad9b	tree
parent	3cb40b22ae6133eb7b000347abbe392c3dbabeac	commit \| diff

Linux: Retain CAP_NET_ADMIN when dropping privileges

On Linux, when dropping privileges, interaction with
the network configuration, such as tearing down routes
or ovpn-dco interfaces will fail when --user/--group are
used.

This patch sets the CAP_NET_ADMIN capability, which grants
the needed privileges during the lifetime of the OpenVPN
process when dropping root privileges.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
Reviewed-By: David Sommerseth <davids@openvpn.net>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20220514103717.235-1-timo@rothenpieler.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24360.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

configure.ac		diff \| blob \| blame \| history
distro/systemd/openvpn-client@.service.in		diff \| blob \| blame \| history
distro/systemd/openvpn-server@.service.in		diff \| blob \| blame \| history
src/openvpn/init.c		diff \| blob \| blame \| history
src/openvpn/platform.c		diff \| blob \| blame \| history
src/openvpn/platform.h		diff \| blob \| blame \| history