matthias
/
iproute2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iproute2/lib
History
Luca Boccassi ba2fc55b99 Drop capabilities if not running ip exec vrf with libcap 
ip vrf exec requires root or CAP_NET_ADMIN, CAP_SYS_ADMIN and
CAP_DAC_OVERRIDE. It is not possible to run unprivileged commands like
ping as non-root or non-cap-enabled due to this requirement.
To allow users and administrators to safely add the required
capabilities to the binary, drop all capabilities on start if not
invoked with "vrf exec".
Update the manpage with the requirements.

Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
 		2018-03-27 11:48:23 -07:00
..
Makefile SPDX license identifiers 2017-11-24 12:21:35 -08:00
bpf.c bpf: Print section name when hitting non ld64 issue 2018-03-02 13:28:53 -08:00
color.c color: disable color when json output is requested 2018-02-23 08:18:33 -08:00
coverity_model.c scrub out whitespace issues 2016-03-27 10:50:14 -07:00
dnet_ntop.c SPDX license identifiers 2017-11-24 12:21:35 -08:00
dnet_pton.c SPDX license identifiers 2017-11-24 12:21:35 -08:00
exec.c SPDX license identifiers 2017-11-24 12:21:35 -08:00
fs.c Convert the obvious cases to strlcpy() 2017-09-01 12:10:54 -07:00
inet_proto.c drop unneeded include of syslog.h 2017-11-12 16:22:36 -08:00
ipx_ntop.c SPDX license identifiers 2017-11-24 12:21:35 -08:00
ipx_pton.c SPDX license identifiers 2017-11-24 12:21:35 -08:00
json_print.c tc: red: JSON-ify RED output 2018-01-26 12:59:55 -08:00
json_writer.c json_writer: add SPDX Identifier (GPL-2/BSD-2) 2018-03-06 14:39:19 -08:00
libgenl.c SPDX license identifiers 2017-11-24 12:21:35 -08:00
libnetlink.c libnetlink: __rtnl_talk_iov should only loop max iovlen times 2018-03-02 13:30:34 -08:00
ll_addr.c utils: ll_addr: Handle ARPHRD_IP6GRE in ll_addr_n2a() 2017-12-26 09:07:42 -08:00
ll_map.c drop unneeded include of syslog.h 2017-11-12 16:22:36 -08:00
ll_proto.c drop unneeded include of syslog.h 2017-11-12 16:22:36 -08:00
ll_types.c drop unneeded include of syslog.h 2017-11-12 16:22:36 -08:00
mpls_ntop.c SPDX license identifiers 2017-11-24 12:21:35 -08:00
mpls_pton.c SPDX license identifiers 2017-11-24 12:21:35 -08:00
names.c Replace malloc && memset by calloc 2016-07-20 12:05:24 -07:00
namespace.c lib/namespace: don't try to mount rw /sys over a ro one 2018-02-23 08:18:06 -08:00
rt_names.c drop unneeded include of syslog.h 2017-11-12 16:22:36 -08:00
utils.c Drop capabilities if not running ip exec vrf with libcap 2018-03-27 11:48:23 -07:00