ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2024-12-18 20:47:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add CAP_NET_BIND_SERVICE to capabilities

Browse Source
This commit is contained in:
Grant Limberg 2018-01-30 10:47:31 -08:00
parent f7019d9e80
commit 4878d8ec15
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
one.cpp
View File

@ -1029,7 +1029,7 @@ static void dropPrivileges(const char *procName,const std::string &homeDir)
// Change ownership of our home directory if everything looks good (does nothing if already chown'd)
_recursiveChown(homeDir.c_str(),targetUser->pw_uid,targetUser->pw_gid);
if (_setCapabilities((1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID) | (1 << CAP_SETGID)) < 0) {
if (_setCapabilities((1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID) | (1 << CAP_SETGID) | (1 << CAP_NET_BIND_SERVICE)) < 0) {
_notDropping(procName,homeDir);
return;
}
@ -1053,7 +1053,7 @@ static void dropPrivileges(const char *procName,const std::string &homeDir)
exit(1);
}
if (_setCapabilities((1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW)) < 0) {
if (_setCapabilities((1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE)) < 0) {
fprintf(stderr,"%s: FATAL: unable to drop capabilities after relinquishing root" ZT_EOL_S,procName);
exit(1);
}