author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-01-18 12:37:28 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-01-18 12:37:28 +0000
commit10ff3f6d075a3ef000f87912d2c400e8a8818206 (patch)
treec4beacaabe13b906ff45fdf479845f67d9391385
parent17960668a2f901ec0855a6fac99ed652a5136ac6 (diff)
Max Kellermann <max@duempel.org>:
there is no need to check capabilities - the socket() call will fail a few lines later anyway, producing an error message which is good enough.
-rw-r--r--ChangeLog1
-rw-r--r--src/main.c52
2 files changed, 1 insertions, 52 deletions
diff --git a/ChangeLog b/ChangeLog
index 02f6668..661ebe3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -87,6 +87,7 @@ o use size_t for buffer sizes
o import only required C headers and put local headers on top to check
o fix double free() bug in the error output path of mcast_create()
o eliminate unsed cache_get_conntrack() in rs_list_to_tx()
+o remove capability code and rely on the error returned by the syscall
version 0.9.5 (2007/07/29)
------------------------------
diff --git a/src/main.c b/src/main.c
index 3d8cfe9..0aa5317 100644
--- a/src/main.c
+++ b/src/main.c
@@ -23,14 +23,10 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/utsname.h>
-#include <linux/capability.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
-#undef _POSIX_SOURCE
-#include <sys/capability.h>
-
struct ct_general_state st;
union ct_state state;
@@ -79,39 +75,6 @@ set_operation_mode(int *current, int want, char *argv[])
}
}
-static int check_capabilities(void)
-{
- int ret;
- cap_user_header_t hcap;
- cap_user_data_t dcap;
-
- hcap = malloc(sizeof(cap_user_header_t));
- if (!hcap)
- return -1;
-
- hcap->version = _LINUX_CAPABILITY_VERSION;
- hcap->pid = getpid();
-
- dcap = malloc(sizeof(cap_user_data_t));
- if (!dcap) {
- free(hcap);
- return -1;
- }
-
- if (capget(hcap, dcap) == -1) {
- free(hcap);
- free(dcap);
- return -1;
- }
-
- ret = dcap->permitted & (1 << CAP_NET_ADMIN);
-
- free(hcap);
- free(dcap);
-
- return ret;
-}
-
int main(int argc, char *argv[])
{
int ret, i, config_set = 0, action = -1;
@@ -136,21 +99,6 @@ int main(int argc, char *argv[])
exit(EXIT_FAILURE);
}
- ret = check_capabilities();
- switch (ret) {
- case -1:
- fprintf(stderr, "Can't get capabilities\n");
- exit(EXIT_FAILURE);
- break;
- case 0:
- fprintf(stderr, "You require CAP_NET_ADMIN in order "
- "to run conntrackd\n");
- exit(EXIT_FAILURE);
- break;
- default:
- break;
- }
-
for (i=1; i<argc; i++) {
switch(argv[i][1]) {
case 'd':
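Review bot: With the pre-check removed here, main() no longer stops before option parsing when CAP_NET_ADMIN is missing, so an unprivileged run now continues until the later socket() call that the commit message relies on. The code between this point and that call is outside the hunk; if it creates a lock file, daemonizes or binds a control socket first, those side effects would now happen before the privilege failure, which is worth confirming. The generic error from that call is also unlikely to name the missing capability, so its error path could mention CAP_NET_ADMIN when the failure is a permission error. A short comment at this spot would record the decision, e.g. `/* no capability pre-check: a missing CAP_NET_ADMIN is reported when the socket is set up */`. main() starts above and continues below this hunk.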