Bug #2009: added CAP_NET_ADMIN for PCAP and af-packet modes.

author Alexander Gozman <a.gozman@securitycode.ru>

Thu, 19 Jan 2017 10:31:38 +0000 (13:31 +0300)

committer Victor Julien <victor@inliniac.net>

Thu, 19 Jan 2017 11:59:17 +0000 (12:59 +0100)
author Alexander Gozman <a.gozman@securitycode.ru>
Thu, 19 Jan 2017 10:31:38 +0000 (13:31 +0300)
committer Victor Julien <victor@inliniac.net>
Thu, 19 Jan 2017 11:59:17 +0000 (12:59 +0100)
diff --git a/src/util-privs.c b/src/util-privs.c

index 9b2a0058f6f3b937e49e739c4cebafb561ade710..d44cbc7b396df8a34e78a54d44d03bfdd88f7231 100644 (file)
--- a/src/util-privs.c
+++ b/src/util-privs.c
@@ -77,6 +77,7 @@ void SCDropMainThreadCaps(uint32_t userid, uint32_t groupid)
              capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
                      CAP_NET_RAW,            /* needed for pcap live mode */
                      CAP_SYS_NICE,
+                    CAP_NET_ADMIN,
                      -1);
              break;
          case RUNMODE_PFRING:
author	Alexander Gozman <a.gozman@securitycode.ru>
	Thu, 19 Jan 2017 10:31:38 +0000 (13:31 +0300)
committer	Victor Julien <victor@inliniac.net>
	Thu, 19 Jan 2017 11:59:17 +0000 (12:59 +0100)