matthias
/
iproute2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
4,066 Commits 5 Branches 108 Tags 7.5 MiB
C 91.1%
C++ 5.9%
Shell 2.1%
Makefile 0.5%
Yacc 0.2%
Go to file
Luca Boccassi 9b13cc98f5 ip: do not drop capabilities if net_admin=i is set 
Users have reported a regression due to ip now dropping capabilities
unconditionally.
zerotier-one VPN and VirtualBox use ambient capabilities in their
binary and then fork out to ip to set routes and links, and this
does not work anymore.

As a workaround, do not drop caps if CAP_NET_ADMIN (the most common
capability used by ip) is set with the INHERITABLE flag.
Users that want ip vrf exec to work do not need to set INHERITABLE,
which will then only set when the calling program had privileges to
give itself the ambient capability.

Fixes: ba2fc55b99 ("Drop capabilities if not running ip exec vrf with libcap")

Signed-off-by: Luca Boccassi <bluca@debian.org>
 		2018-05-14 21:07:34 -07:00
bash-completion tc: bash-completion: add missing 'classid' keyword 2017-12-12 12:11:37 -08:00
bridge bridge: fix typo in hairpin error message 2018-04-09 11:17:50 -07:00
devlink devlink: Print size of -1 as unlimited 2018-04-02 07:54:18 -07:00
doc/actions doc: drop old ip command documentation 2017-09-29 10:51:02 -07:00
etc/iproute2 tc: add em_ipt ematch for calling xtables matches from tc matching context 2018-02-27 09:43:16 -08:00
examples SPDX license identifiers 2017-11-24 12:21:35 -08:00
genl SPDX license identifiers 2017-11-24 12:21:35 -08:00
include json_print: Fix hidden 64-bit type promotion 2018-04-25 11:08:55 -07:00
ip iproute: Parse last nexthop in a multipath route 2018-05-01 19:29:44 -07:00
lib ip: do not drop capabilities if net_admin=i is set 2018-05-14 21:07:34 -07:00
man ip: do not drop capabilities if net_admin=i is set 2018-05-14 21:07:34 -07:00
misc ss: remove non-functional slabinfo 2018-05-09 13:57:08 -07:00
netem SPDX license identifiers 2017-11-24 12:21:35 -08:00
rdma rdma: add ib header files 2018-05-09 08:14:55 -07:00
schema bridge: add json schema for bridge fdb show 2016-07-20 12:02:02 -07:00
tc ingress: Don't break JSON output 2018-04-25 11:08:39 -07:00
testsuite tests: make sure rand_dev suffix has 6 chars 2018-01-10 08:29:51 -08:00
tipc tipc: change node address printout formats 2018-03-28 20:41:15 -07:00
.gitignore Remove leftovers from removed Latex documentation 2018-02-13 16:43:19 -08:00
COPYING Update address of FSF in license 2008-03-08 13:31:03 -08:00
Makefile lib: Correct object file dependencies 2018-02-16 08:14:18 -08:00
README README: update libdb build dependency information 2018-05-01 19:29:03 -07:00
README.decnet Decnet documentation update 2005-06-13 18:47:56 +00:00
README.devel README: update location of git repositories, remove broken info link 2018-02-13 16:42:51 -08:00
README.distribution README cleanup's 2012-01-03 15:04:55 -08:00
README.iproute2+tc tc, bpf: finalize eBPF support for cls and act front-end 2015-04-10 13:31:19 -07:00
README.lnstat Rename: misc/README.lnstat -> README.lnstat 2004-10-19 20:24:47 +00:00
configure Drop capabilities if not running ip exec vrf with libcap 2018-03-27 11:48:23 -07:00

README 

This is a set of utilities for Linux networking.

Information:
    https://wiki.linuxfoundation.org/networking/iproute2

Download:
    http://www.kernel.org/pub/linux/utils/net/iproute2/

Stable version repository:
    git://git.kernel.org/pub/scm/network/iproute2/iproute2.git

Development repository:
    git://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git

How to compile this.
--------------------
1. libdbm

arpd needs to have the berkeleydb development libraries. For Debian
users this is the package with a name like libdbX.X-dev.
DBM_INCLUDE points to the directory with db_185.h which
is the include file used by arpd to get to the old format Berkeley
database routines.  Often this is in the db-devel package.

2. make

The makefile will automatically build a config.mk file which
contains definitions of libraries that may or may not be available
on the system such as: ATM, ELF, MNL, and SELINUX.

3. To make documentation, cd to doc/ directory , then
   look at start of Makefile and set correct values for
   PAGESIZE=a4		, ie: a4 , letter ...	(string)
   PAGESPERPAGE=2	, ie: 1 , 2 ...		(numeric)
   and make there. It assumes, that latex, dvips and psnup
   are in your path.

4. This package includes matching sanitized kernel headers because
   the build environment may not have up to date versions. See Makefile
   if you have special requirements and need to point at different
   kernel include files.

Stephen Hemminger
stephen@networkplumber.org

Alexey Kuznetsov
kuznet@ms2.inr.ac.ru