diff options
| author | Grant Limberg <grant.limberg@zerotier.com> | 2018-01-30 10:47:31 -0800 |
|---|---|---|
| committer | Grant Limberg <grant.limberg@zerotier.com> | 2018-01-30 10:47:31 -0800 |
| commit | 4878d8ec15892f2a14b4737d57864e2c34197507 (patch) | |
| tree | 91056c98812287f99912030a797a3b3161d5e338 | |
| parent | f7019d9e80efa81e31ee7fa303be4f0e0a85c0fc (diff) | |
| download | infinitytier-4878d8ec15892f2a14b4737d57864e2c34197507.tar.gz infinitytier-4878d8ec15892f2a14b4737d57864e2c34197507.zip | |
Add CAP_NET_BIND_SERVICE to capabilities
| -rw-r--r-- | one.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1029,7 +1029,7 @@ static void dropPrivileges(const char *procName,const std::string &homeDir) // Change ownership of our home directory if everything looks good (does nothing if already chown'd) _recursiveChown(homeDir.c_str(),targetUser->pw_uid,targetUser->pw_gid); - if (_setCapabilities((1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID) | (1 << CAP_SETGID)) < 0) { + if (_setCapabilities((1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID) | (1 << CAP_SETGID) | (1 << CAP_NET_BIND_SERVICE)) < 0) { _notDropping(procName,homeDir); return; } @@ -1053,7 +1053,7 @@ static void dropPrivileges(const char *procName,const std::string &homeDir) exit(1); } - if (_setCapabilities((1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW)) < 0) { + if (_setCapabilities((1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE)) < 0) { fprintf(stderr,"%s: FATAL: unable to drop capabilities after relinquishing root" ZT_EOL_S,procName); exit(1); } |