aboutsummaryrefslogtreecommitdiffstats
path: root/src/libhydra/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'src/libhydra/plugins')
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c7
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c6
2 files changed, 13 insertions, 0 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
index 0eb00dadf..2db03d854 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
@@ -65,6 +65,13 @@ plugin_t *kernel_netlink_plugin_create()
{
private_kernel_netlink_plugin_t *this;
+ if (!lib->caps->keep(lib->caps, CAP_NET_ADMIN))
+ { /* required to bind/use XFRM sockets / create routing tables */
+ DBG1(DBG_KNL, "kernel-netlink plugin requires CAP_NET_ADMIN "
+ "capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c
index 894175402..d2c00b0f2 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c
@@ -62,6 +62,12 @@ plugin_t *kernel_pfkey_plugin_create()
{
private_kernel_pfkey_plugin_t *this;
+ if (!lib->caps->keep(lib->caps, CAP_NET_ADMIN))
+ { /* required to open PF_KEY sockets */
+ DBG1(DBG_KNL, "kernel-pfkey plugin requires CAP_NET_ADMIN capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-22 12:37:41 +0000