diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2013-06-24 18:22:31 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2013-06-25 17:16:32 +0200 |
| commit | 41b8546ac0a8c95496d1812f35eefa696cf8212c (patch) | |
| tree | 2029603e9d3200599d2f99bc76ad4227c681c882 /src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c | |
| parent | a2eb581781ca291c9053131be7ec99013e9c83ee (diff) | |
| download | strongswan-41b8546ac0a8c95496d1812f35eefa696cf8212c.tar.bz2 strongswan-41b8546ac0a8c95496d1812f35eefa696cf8212c.tar.xz | |
capabilities: Only plugins that require CAP_NET_ADMIN demand it
The daemon as such does not require this capability.
Diffstat (limited to 'src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c')
| -rw-r--r-- | src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c index d5f3bc248..bac3c1c45 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c @@ -102,6 +102,13 @@ plugin_t *kernel_libipsec_plugin_create() { private_kernel_libipsec_plugin_t *this; + if (!lib->caps->keep(lib->caps, CAP_NET_ADMIN)) + { /* required to create TUN devices */ + DBG1(DBG_KNL, "kernel-libipsec plugin requires CAP_NET_ADMIN " + "capability"); + return NULL; + } + INIT(this, .public = { .plugin = { |