Revert "libxtables: refuse to run under file capabilities"
authorFlorian Westphal <fw@strlen.de>
Mon, 23 Feb 2026 22:45:53 +0000 (23:45 +0100)
committerFlorian Westphal <fw@strlen.de>
Mon, 23 Feb 2026 22:45:53 +0000 (23:45 +0100)
This reverts commit a2a733e9f0da779bbe009736644f4481e22ca3d1.

The new iptables 1.8.12 release is broken on docker; this was pinpointed to the
getauxval(AT_SECURE) change: AT_SECURE can apparently be nonzero in the presence of LSMs.

That makes getauxval() useless for the purpose of detecting a setcap binary.
So revert this.

Bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=1830
Signed-off-by: Florian Westphal <fw@strlen.de>
libxtables/xtables.c

index 51706dc456466acd7e3d653e41482c8adf90d5c4..1e1f4f788f60823b1dc9812cd7d2421dd8f5cfd0 100644 (file)
@@ -31,7 +31,6 @@
 #include <netinet/ether.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
-#include <sys/auxv.h>
 #include <sys/statfs.h>
 #include <sys/types.h>
 #include <sys/utsname.h>
@@ -332,8 +331,8 @@ void xtables_announce_chain(const char *name)
 
 void xtables_init(void)
 {
-       /* xtables cannot be used with setuid/setcap in a safe way. */
-       if (getuid() != geteuid() || getauxval(AT_SECURE))
+       /* xtables cannot be used with setuid in a safe way. */
+       if (getuid() != geteuid())
                _exit(111);
 
        xtables_libdir = getenv("XTABLES_LIBDIR");
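Review bot: The restored guard on the `if` line compares only the uid pair, so a setgid xtables binary (getgid() != getegid()) now falls through to the `getenv("XTABLES_LIBDIR")` lookup below; the dropped AT_SECURE test used to cover that case, the uid comparison does not. Consider `if (getuid() != geteuid() || getgid() != getegid())` together with a comment recording why AT_SECURE is deliberately not consulted, e.g. `/* AT_SECURE is not checked: LSMs can set it for ordinary binaries (netfilter bz #1830). */`, so the next reader does not reintroduce the check. With this revert a binary carrying file capabilities is no longer rejected and will honour XTABLES_LIBDIR from its environment, which appears to be the hazard the reverted commit was addressing; if that matters for a distribution, the extension search path should not come from the environment while the process is privileged. xtables_init's body continues past the end of the hunk.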