author | Ondrej Zajicek <santiago@crfreenet.org> | 2011-05-10 02:42:17 +0200 |
---|---|---|
committer | Ondrej Zajicek <santiago@crfreenet.org> | 2011-05-10 02:42:17 +0200 |
commit | 1bc2695744c729804af32d48ce68854cba4de8f7 (patch) | |
tree | e4c165bc0bba244437c462247fd7ffcd842c0918 /sysdep/cf | |
parent | 46bb7e0d176a4dc0a47bb406988f92fb29cceaf4 (diff) |
Allows running with restricted privileges.
Adds options -u and -g to specify the user and group.
When a user other than root is specified,
the Linux capabilities CAP_NET_* are kept.
Diffstat (limited to 'sysdep/cf')
-rw-r--r-- | sysdep/cf/README | 2 | ||||
-rw-r--r-- | sysdep/cf/linux-22.h | 2 | ||||
-rw-r--r-- | sysdep/cf/linux-v6.h | 2 |
3 files changed, 6 insertions, 0 deletions
diff --git a/sysdep/cf/README b/sysdep/cf/README
index 15a45a65..3b5bcd4f 100644
--- a/sysdep/cf/README
+++ b/sysdep/cf/README
@@ -6,6 +6,7 @@ CONFIG_SELF_CONSCIOUS We're able to recognize whether route was installed by us
 CONFIG_MULTIPLE_TABLES The kernel supports multiple routing tables
 CONFIG_ALL_TABLES_AT_ONCE Kernel scanner wants to process all tables at once
 CONFIG_MC_PROPER_SRC Multicast packets have source address according to socket saddr field
+CONFIG_RESTRICTED_PRIVILEGES Implements restricted privileges using drop_uid()
 CONFIG_UNIX_IFACE Use Unix interface scanner
 CONFIG_UNIX_SET Use Unix route setting
@@ -19,3 +20,4 @@ CONFIG_UNNUM_MULTICAST krt-iface: We support multicasts on unnumbered PtP device
 CONFIG_LINUX_MC_MREQN Linux: Use struct mreqn for multicasting
 CONFIG_LINUX_MC_MREQ Linux: Use struct mreq
 CONFIG_LINUX_MC_MREQ_BIND Linux: Use struct mreq and SO_BINDTODEVICE
+
diff --git a/sysdep/cf/linux-22.h b/sysdep/cf/linux-22.h
index 9ccab648..51b339d1 100644
--- a/sysdep/cf/linux-22.h
+++ b/sysdep/cf/linux-22.h
@@ -17,6 +17,8 @@
 #define CONFIG_LINUX_MC_MREQN
 #define CONFIG_UNIX_DONTROUTE
+#define CONFIG_RESTRICTED_PRIVILEGES
+
 /*
 Link: sysdep/linux/netlink
 Link: sysdep/linux
diff --git a/sysdep/cf/linux-v6.h b/sysdep/cf/linux-v6.h
index ef52ee46..467d7728 100644
--- a/sysdep/cf/linux-v6.h
+++ b/sysdep/cf/linux-v6.h
@@ -19,6 +19,8 @@
 #define CONFIG_MULTIPLE_TABLES
 #define CONFIG_ALL_TABLES_AT_ONCE
+#define CONFIG_RESTRICTED_PRIVILEGES
+
 /*
 Link: sysdep/linux/netlink
 Link: sysdep/linux |
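Review bot: The new `#define CONFIG_RESTRICTED_PRIVILEGES` in sysdep/cf/linux-22.h (and the identical line in sysdep/cf/linux-v6.h) has no comment. The README entry names only `drop_uid()`, so neither place records that CAP_NET_* stays with the process after the switch, as the commit message states. I would add a comment above the define in both headers, for example `/* Enables -u/-g: switch to an unprivileged user/group, keeping CAP_NET_* */`. The code that consumes the macro is outside this view (the diffstat is limited to sysdep/cf), so it is worth confirming that targets without this define reject -u/-g with an error rather than accepting and ignoring them, which would leave the daemon running as root.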