Run as nonroot user on Linux (with CAP_NET_ADMIN and CAP_NET_RAW added).

- ZT will only drop root privileges if zerotier-one user exists. It is created by Debian postinst script - in other cases the user has to be created by administrator. - Linux >=4.3 with ambient capabilities is required, otherwise ZT will silently - "-U" option now also disables privileges dropping
author: Michał Zieliński <michal@zielinscy.org.pl> 2016-10-16 13:35:29 +0200
committer: Michał Zieliński <michal@zielinscy.org.pl> 2016-10-16 13:53:44 +0200
commit: 344a25c133ab8195d8b16bb922c951ca6d604057 (patch)
tree: 36cc0e148f41111ddc805cb62e468719392b6f5f /make-linux.mk
parent: 88e3fe699c685f74d3cc568a50967859fa15db5b (diff)
download: infinitytier-344a25c133ab8195d8b16bb922c951ca6d604057.tar.gz
infinitytier-344a25c133ab8195d8b16bb922c951ca6d604057.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/make-linux.mk b/make-linux.mk
index 016f7b7c..9dfd39bf 100644
--- a/make-linux.mk
+++ b/make-linux.mk
@@ -111,8 +111,8 @@ endif
 
 all:	one manpages
 
-one:	$(OBJS) service/OneService.o one.o osdep/LinuxEthernetTap.o
-	$(CXX) $(CXXFLAGS) $(LDFLAGS) -o zerotier-one $(OBJS) service/OneService.o one.o osdep/LinuxEthernetTap.o $(LDLIBS)
+one:	$(OBJS) service/OneService.o one.o osdep/LinuxEthernetTap.o osdep/LinuxDropPrivileges.o
+	$(CXX) $(CXXFLAGS) $(LDFLAGS) -o zerotier-one $(OBJS) service/OneService.o one.o osdep/LinuxEthernetTap.o osdep/LinuxDropPrivileges.o $(LDLIBS)
 	$(STRIP) zerotier-one
 	ln -sf zerotier-one zerotier-idtool
 	ln -sf zerotier-one zerotier-cli
author	Michał Zieliński <michal@zielinscy.org.pl>	2016-10-16 13:35:29 +0200
committer	Michał Zieliński <michal@zielinscy.org.pl>	2016-10-16 13:53:44 +0200
commit	344a25c133ab8195d8b16bb922c951ca6d604057 (patch)
tree	36cc0e148f41111ddc805cb62e468719392b6f5f /make-linux.mk
parent	88e3fe699c685f74d3cc568a50967859fa15db5b (diff)
download	infinitytier-344a25c133ab8195d8b16bb922c951ca6d604057.tar.gz infinitytier-344a25c133ab8195d8b16bb922c951ca6d604057.zip