changed CAP_NET_ADMIN to CAP_NET_RAW as it's enough

yrutschle 2021-05-11 06:44:27 +02:00
parent 79f49f4481
commit c41ec489e0
2 changed files with 6 additions and 6 deletions


@ -20,10 +20,10 @@ vNEXT:
Warn about unknown settings in the configuration Warn about unknown settings in the configuration
file. file.
Added per-protocol `transparent` option. The option Added per-protocol `transparent` option. sslh-fork
requires CAP_NET_ADMIN to work. sslh-fork drops the drops the capability after creating the server-side
capability after creating the server-side transparent socket. Transparent now uses CAP_NET_RAW
transparent socket. instead of CAP_NET_ADMIN.
v1.21: 11JUL2020 v1.21: 11JUL2020
WARNING: WARNING:


@ -801,7 +801,7 @@ static int use_transparent(void)
} }
/* set needed capabilities for effective and permitted, clear rest /* set needed capabilities for effective and permitted, clear rest
* IN: cap_net_admin: set to 1 to set CAP_NET_ADMIN * IN: cap_net_admin: set to 1 to set CAP_NET_RAW
* */ * */
void set_capabilities(int cap_net_admin) { void set_capabilities(int cap_net_admin) {
#ifdef LIBCAP #ifdef LIBCAP
@ -811,7 +811,7 @@ void set_capabilities(int cap_net_admin) {
int ncap = 0; int ncap = 0;
if (cap_net_admin) if (cap_net_admin)
cap_list[ncap++] = CAP_NET_ADMIN; cap_list[ncap++] = CAP_NET_RAW;
caps = cap_init(); caps = cap_init();
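Review bot: The parameter of `set_capabilities` is still named `cap_net_admin`, although after this change it selects CAP_NET_RAW, so both the doc comment (`IN: cap_net_admin: set to 1 to set CAP_NET_RAW`) and the `if (cap_net_admin)` test now contradict the capability actually retained. Anyone auditing which privileges the process keeps will read the wrong one from the signature; renaming it, e.g. `void set_capabilities(int cap_net_raw) {` with `if (cap_net_raw)` and the comment line `IN: cap_net_raw: set to 1 to keep CAP_NET_RAW`, would fix that, and any prototype and callers outside this view need the same rename. It would also help to add a comment saying why CAP_NET_RAW is enough for the transparent socket, and to confirm that this holds for both IPv4 and IPv6 on the oldest kernel the project supports. The body of the function continues past the end of the second hunk, so the rest of the capability setup is not visible here.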