[privs/Solaris] Quagga should work in zones with IP instances

2007-09-18  Paul Jakma <paul.jakma@sun.com>

	* privs.c: definition of ZCAP_NET_ADMIN on Solaris should
	  be PRIV_SYS_IP_CONFIG, when that's available. Thus allowing
	  Quagga to work with in Solaris zones with exclusive IP
	  instances.

2 files changed, 12 insertions, 0 deletions

diff --git a/lib/ChangeLog b/lib/ChangeLog
index 26a25171..8125451f 100644
--- a/lib/ChangeLog
+++ b/lib/ChangeLog
@@ -1,3 +1,10 @@
+2007-09-18  Paul Jakma <paul.jakma@sun.com>
+
+	* privs.c: definition of ZCAP_NET_ADMIN on Solaris should
+	  be PRIV_SYS_IP_CONFIG, when that's available. Thus allowing
+	  Quagga to work with in Solaris zones with exclusive IP
+	  instances.
+
 2007-08-21 Denis Ovsienko
 
 	* sockopt.[ch]: (setsockopt_so_sendbuf, getsockopt_so_sendbuf):
diff --git a/lib/privs.c b/lib/privs.c
index f4117e26..69606f57 100644
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -117,7 +117,12 @@ static struct
   /* Quagga -> Solaris privilege mappings */
   [ZCAP_SETID] =	{ 1, (pvalue_t []) { PRIV_PROC_SETID		}, },
   [ZCAP_BIND] = 	{ 1, (pvalue_t []) { PRIV_NET_PRIVADDR		}, },
+  /* IP_CONFIG is a subset of NET_CONFIG and is allowed in zones */
+#ifdef PRIV_SYS_IP_CONFIG
+  [ZCAP_NET_ADMIN] =	{ 1, (pvalue_t []) { PRIV_SYS_IP_CONFIG	}, },
+#else
   [ZCAP_NET_ADMIN] =	{ 1, (pvalue_t []) { PRIV_SYS_NET_CONFIG	}, },
+#endif
   [ZCAP_NET_RAW] = 	{ 2, (pvalue_t []) { PRIV_NET_RAWACCESS,
                                              PRIV_NET_ICMPACCESS 	}, },
   [ZCAP_CHROOT] = 	{ 1, (pvalue_t []) { PRIV_PROC_CHROOT		}, },