author | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2008-01-18 12:37:28 +0000 |
---|---|---|
committer | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2008-01-18 12:37:28 +0000 |
commit | 10ff3f6d075a3ef000f87912d2c400e8a8818206 (patch) | |
tree | c4beacaabe13b906ff45fdf479845f67d9391385 | |
parent | 17960668a2f901ec0855a6fac99ed652a5136ac6 (diff) | |
Max Kellermann <max@duempel.org>:
there is no need to check capabilities - the socket() call will fail a
few lines later anyway, producing an error message which is good enough.
-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | src/main.c | 52 |
2 files changed, 1 insertions, 52 deletions
@@ -87,6 +87,7 @@ o use size_t for buffer sizes
 o import only required C headers and put local headers on top to check
 o fix double free() bug in the error output path of mcast_create()
 o eliminate unsed cache_get_conntrack() in rs_list_to_tx()
+o remove capability code and rely on the error returned by the syscall
 version 0.9.5 (2007/07/29)
 ------------------------------
@@ -23,14 +23,10 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <sys/utsname.h>
-#include <linux/capability.h>
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
-#undef _POSIX_SOURCE
-#include <sys/capability.h>
-
 struct ct_general_state st;
 union ct_state state;
@@ -79,39 +75,6 @@ set_operation_mode(int *current, int want, char *argv[])
 }
 }
-static int check_capabilities(void)
-{
- int ret;
- cap_user_header_t hcap;
- cap_user_data_t dcap;
-
- hcap = malloc(sizeof(cap_user_header_t));
- if (!hcap)
- return -1;
-
- hcap->version = _LINUX_CAPABILITY_VERSION;
- hcap->pid = getpid();
-
- dcap = malloc(sizeof(cap_user_data_t));
- if (!dcap) {
- free(hcap);
- return -1;
- }
-
- if (capget(hcap, dcap) == -1) {
- free(hcap);
- free(dcap);
- return -1;
- }
-
- ret = dcap->permitted & (1 << CAP_NET_ADMIN);
-
- free(hcap);
- free(dcap);
-
- return ret;
-}
-
 int main(int argc, char *argv[])
 {
 int ret, i, config_set = 0, action = -1;
@@ -136,21 +99,6 @@ int main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
- ret = check_capabilities();
- switch (ret) {
- case -1:
- fprintf(stderr, "Can't get capabilities\n");
- exit(EXIT_FAILURE);
- break;
- case 0:
- fprintf(stderr, "You require CAP_NET_ADMIN in order "
- "to run conntrackd\n");
- exit(EXIT_FAILURE);
- break;
- default:
- break;
- }
-
 for (i=1; i<argc; i++) {
 switch(argv[i][1]) {
 case 'd':
|