matthias
/
iproute2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iproute2/include
History
Luca Boccassi ba2fc55b99 Drop capabilities if not running ip exec vrf with libcap 
ip vrf exec requires root or CAP_NET_ADMIN, CAP_SYS_ADMIN and
CAP_DAC_OVERRIDE. It is not possible to run unprivileged commands like
ping as non-root or non-cap-enabled due to this requirement.
To allow users and administrators to safely add the required
capabilities to the binary, drop all capabilities on start if not
invoked with "vrf exec".
Update the manpage with the requirements.

Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
 		2018-03-27 11:48:23 -07:00
..
iptables SPDX license identifiers 2017-11-24 12:21:35 -08:00
libiptc SPDX license identifiers 2017-11-24 12:21:35 -08:00
netinet ss: report ecnseen 2011-11-23 14:51:54 -08:00
uapi uapi: update if_ether compat headers 2018-02-20 10:48:32 -08:00
SNAPSHOT.h v4.15.0 2018-01-29 08:08:52 -08:00
bpf_api.h SPDX license identifiers 2017-11-24 12:21:35 -08:00
bpf_elf.h SPDX license identifiers 2017-11-24 12:21:35 -08:00
bpf_scm.h SPDX license identifiers 2017-11-24 12:21:35 -08:00
bpf_util.h bpf: allow loading programs for a specific ifindex 2017-11-26 11:57:57 -08:00
color.h color: disable color when json output is requested 2018-02-23 08:18:33 -08:00
dlfcn.h SPDX license identifiers 2017-11-24 12:21:35 -08:00
ip6tables.h SPDX license identifiers 2017-11-24 12:21:35 -08:00
iptables.h SPDX license identifiers 2017-11-24 12:21:35 -08:00
json_print.h tc: red: JSON-ify RED output 2018-01-26 12:59:55 -08:00
json_writer.h json_writer: add SPDX Identifier (GPL-2/BSD-2) 2018-03-06 14:39:19 -08:00
libgenl.h SPDX license identifiers 2017-11-24 12:21:35 -08:00
libnetlink.h devlink: mnlg: Add support for extended ack 2018-02-23 08:36:05 -08:00
list.h devlink: Add support for devlink resource abstraction 2018-02-23 08:36:05 -08:00
ll_map.h SPDX license identifiers 2017-11-24 12:21:35 -08:00
names.h SPDX license identifiers 2017-11-24 12:21:35 -08:00
namespace.h SPDX license identifiers 2017-11-24 12:21:35 -08:00
rt_names.h SPDX license identifiers 2017-11-24 12:21:35 -08:00
rtm_map.h SPDX license identifiers 2017-11-24 12:21:35 -08:00
utils.h Drop capabilities if not running ip exec vrf with libcap 2018-03-27 11:48:23 -07:00
xt-internal.h SPDX license identifiers 2017-11-24 12:21:35 -08:00
xtables.h SPDX license identifiers 2017-11-24 12:21:35 -08:00