third-party-mirrors/sslh
1
0
Fork 0
mirror of https://github.com/yrutschle/sslh.git synced 2025-04-13 07:37:15 +03:00
Code Issues Packages Projects Releases Wiki Activity

changed CAP_NET_ADMIN to CAP_NET_RAW as it's enough

Browse Source
This commit is contained in:
yrutschle 2021-05-11 06:44:27 +02:00
parent 79f49f4481
commit c41ec489e0
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -20,10 +20,10 @@ vNEXT:
Warn about unknown settings in the configuration
file.
Added per-protocol `transparent` option. The option
requires CAP_NET_ADMIN to work. sslh-fork drops the
capability after creating the server-side
transparent socket.
Added per-protocol `transparent` option. sslh-fork
drops the capability after creating the server-side
transparent socket. Transparent now uses CAP_NET_RAW
instead of CAP_NET_ADMIN.
v1.21: 11JUL2020
WARNING:

4
common.c
View File

@ -801,7 +801,7 @@ static int use_transparent(void)
}
/* set needed capabilities for effective and permitted, clear rest
* IN: cap_net_admin: set to 1 to set CAP_NET_ADMIN
* IN: cap_net_admin: set to 1 to set CAP_NET_RAW
* */
void set_capabilities(int cap_net_admin) {
#ifdef LIBCAP
@ -811,7 +811,7 @@ void set_capabilities(int cap_net_admin) {
int ncap = 0;
if (cap_net_admin)
cap_list[ncap++] = CAP_NET_ADMIN;
cap_list[ncap++] = CAP_NET_RAW;
caps = cap_init();