matthias
/
iproute2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iproute2/man
History
Luca Boccassi ba2fc55b99 Drop capabilities if not running ip exec vrf with libcap 
ip vrf exec requires root or CAP_NET_ADMIN, CAP_SYS_ADMIN and
CAP_DAC_OVERRIDE. It is not possible to run unprivileged commands like
ping as non-root or non-cap-enabled due to this requirement.
To allow users and administrators to safely add the required
capabilities to the binary, drop all capabilities on start if not
invoked with "vrf exec".
Update the manpage with the requirements.

Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
 		2018-03-27 11:48:23 -07:00
..
man3 SPDX license identifiers 2017-11-24 12:21:35 -08:00
man7 SPDX license identifiers 2017-11-24 12:21:35 -08:00
man8 Drop capabilities if not running ip exec vrf with libcap 2018-03-27 11:48:23 -07:00
Makefile SPDX license identifiers 2017-11-24 12:21:35 -08:00