third-party-mirrors/sslh
1
0
Fork 0
mirror of https://github.com/yrutschle/sslh.git synced 2025-06-06 02:13:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

do not drop CAP_NET_ADMIN if any of the protocols require transparent proxying

Browse Source
This commit is contained in:
yrutschle 2021-05-08 07:44:39 +02:00
parent da3b51e056
commit 905ac95ca1
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
common.c
View File

@ -785,6 +785,21 @@ void set_keepcaps(int val) {
#endif #endif
} }
/* Returns true if anything requires transparent proxying. */
#ifdef LIBCAP
static int use_transparent(void)
{
if (cfg.transparent)
return 1;
for (int i = 0; i < cfg.protocols_len; i++)
if (cfg.protocols[i].transparent)
return 1;
return 0;
}
#endif
/* set needed capabilities for effective and permitted, clear rest */ /* set needed capabilities for effective and permitted, clear rest */
void set_capabilities(void) { void set_capabilities(void) {
#ifdef LIBCAP #ifdef LIBCAP
@ -793,7 +808,7 @@ void set_capabilities(void) {
cap_value_t cap_list[10]; cap_value_t cap_list[10];
int ncap = 0; int ncap = 0;
if (cfg.transparent) if (use_transparent())
cap_list[ncap++] = CAP_NET_ADMIN; cap_list[ncap++] = CAP_NET_ADMIN;
caps = cap_init(); caps = cap_init();