summaryrefslogtreecommitdiff
path: root/sysdep/cf
diff options
context:
space:
mode:
authorOndrej Zajicek <santiago@crfreenet.org>2011-05-10 02:42:17 +0200
committerOndrej Zajicek <santiago@crfreenet.org>2011-05-10 02:42:17 +0200
commit1bc2695744c729804af32d48ce68854cba4de8f7 (patch)
treee4c165bc0bba244437c462247fd7ffcd842c0918 /sysdep/cf
parent46bb7e0d176a4dc0a47bb406988f92fb29cceaf4 (diff)
Allows run with restricted privileges.
Adds option -u and -g to specify user and group. When different user (than root) is specified, linux capabilities CAP_NET_* are kept.
Diffstat (limited to 'sysdep/cf')
-rw-r--r--sysdep/cf/README2
-rw-r--r--sysdep/cf/linux-22.h2
-rw-r--r--sysdep/cf/linux-v6.h2
3 files changed, 6 insertions, 0 deletions
diff --git a/sysdep/cf/README b/sysdep/cf/README
index 15a45a65..3b5bcd4f 100644
--- a/sysdep/cf/README
+++ b/sysdep/cf/README
@@ -6,6 +6,7 @@ CONFIG_SELF_CONSCIOUS We're able to recognize whether route was installed by us
CONFIG_MULTIPLE_TABLES The kernel supports multiple routing tables
CONFIG_ALL_TABLES_AT_ONCE Kernel scanner wants to process all tables at once
CONFIG_MC_PROPER_SRC Multicast packets have source address according to socket saddr field
+CONFIG_RESTRICTED_PRIVILEGES Implements restricted privileges using drop_uid()
CONFIG_UNIX_IFACE Use Unix interface scanner
CONFIG_UNIX_SET Use Unix route setting
@@ -19,3 +20,4 @@ CONFIG_UNNUM_MULTICAST krt-iface: We support multicasts on unnumbered PtP device
CONFIG_LINUX_MC_MREQN Linux: Use struct mreqn for multicasting
CONFIG_LINUX_MC_MREQ Linux: Use struct mreq
CONFIG_LINUX_MC_MREQ_BIND Linux: Use struct mreq and SO_BINDTODEVICE
+
diff --git a/sysdep/cf/linux-22.h b/sysdep/cf/linux-22.h
index 9ccab648..51b339d1 100644
--- a/sysdep/cf/linux-22.h
+++ b/sysdep/cf/linux-22.h
@@ -17,6 +17,8 @@
#define CONFIG_LINUX_MC_MREQN
#define CONFIG_UNIX_DONTROUTE
+#define CONFIG_RESTRICTED_PRIVILEGES
+
/*
Link: sysdep/linux/netlink
Link: sysdep/linux
diff --git a/sysdep/cf/linux-v6.h b/sysdep/cf/linux-v6.h
index ef52ee46..467d7728 100644
--- a/sysdep/cf/linux-v6.h
+++ b/sysdep/cf/linux-v6.h
@@ -19,6 +19,8 @@
#define CONFIG_MULTIPLE_TABLES
#define CONFIG_ALL_TABLES_AT_ONCE
+#define CONFIG_RESTRICTED_PRIVILEGES
+
/*
Link: sysdep/linux/netlink
Link: sysdep/linux