-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | src/main.c | 52 |
2 files changed, 1 insertions, 52 deletions
@@ -87,6 +87,7 @@ o use size_t for buffer sizes o import only required C headers and put local headers on top to check o fix double free() bug in the error output path of mcast_create() o eliminate unsed cache_get_conntrack() in rs_list_to_tx() +o remove capability code and rely on the error returned by the syscall version 0.9.5 (2007/07/29) ------------------------------ @@ -23,14 +23,10 @@ #include <sys/stat.h> #include <fcntl.h> #include <sys/utsname.h> -#include <linux/capability.h> #include <string.h> #include <stdlib.h> #include <unistd.h> -#undef _POSIX_SOURCE -#include <sys/capability.h> - struct ct_general_state st; union ct_state state; @@ -79,39 +75,6 @@ set_operation_mode(int *current, int want, char *argv[]) } } -static int check_capabilities(void) -{ - int ret; - cap_user_header_t hcap; - cap_user_data_t dcap; - - hcap = malloc(sizeof(cap_user_header_t)); - if (!hcap) - return -1; - - hcap->version = _LINUX_CAPABILITY_VERSION; - hcap->pid = getpid(); - - dcap = malloc(sizeof(cap_user_data_t)); - if (!dcap) { - free(hcap); - return -1; - } - - if (capget(hcap, dcap) == -1) { - free(hcap); - free(dcap); - return -1; - } - - ret = dcap->permitted & (1 << CAP_NET_ADMIN); - - free(hcap); - free(dcap); - - return ret; -} - int main(int argc, char *argv[]) { int ret, i, config_set = 0, action = -1; @@ -136,21 +99,6 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - ret = check_capabilities(); - switch (ret) { - case -1: - fprintf(stderr, "Can't get capabilities\n"); - exit(EXIT_FAILURE); - break; - case 0: - fprintf(stderr, "You require CAP_NET_ADMIN in order " - "to run conntrackd\n"); - exit(EXIT_FAILURE); - break; - default: - break; - } - for (i=1; i<argc; i++) { switch(argv[i][1]) { case 'd': |