From 6f15f5e632917775db9ecf2826532884f34877e8 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Tue, 25 Jun 2013 08:35:06 +0200
Subject: dhcp: Require CAP_NET_BIND_SERVICE and CAP_NET_RAW to open/bind sockets
---
 src/libcharon/plugins/dhcp/dhcp_plugin.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'src/libcharon/plugins/dhcp/dhcp_plugin.c')
diff --git a/src/libcharon/plugins/dhcp/dhcp_plugin.c b/src/libcharon/plugins/dhcp/dhcp_plugin.c
index a31f12689..31195e25b 100644
--- a/src/libcharon/plugins/dhcp/dhcp_plugin.c
+++ b/src/libcharon/plugins/dhcp/dhcp_plugin.c
@@ -107,6 +107,17 @@ plugin_t *dhcp_plugin_create()
 {
 private_dhcp_plugin_t *this;
 
+ if (!lib->caps->keep(lib->caps, CAP_NET_BIND_SERVICE))
+ { /* required to bind DHCP socket (port 68) */
+ DBG1(DBG_NET, "dhcp plugin requires CAP_NET_BIND_SERVICE capability");
+ return NULL;
+ }
+ else if (!lib->caps->keep(lib->caps, CAP_NET_RAW))
+ { /* required to open DHCP receive socket (AF_PACKET) */
+ DBG1(DBG_NET, "dhcp plugin requires CAP_NET_RAW capability");
+ return NULL;
+ }
+
 INIT(this,
 .public = {
 .plugin = {
-- 
cgit v1.2.3
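Review bot: In the `else if` branch the function returns NULL for a missing CAP_NET_RAW only after the `keep()` call for CAP_NET_BIND_SERVICE has already succeeded. If `keep()` registers the capability in the set retained across the later privilege drop, as its name suggests (its implementation is not visible here), the daemon keeps the right to bind low ports on behalf of a plugin that never loaded. Either confirm both capabilities are held before registering either of them, or document the side effect with a comment such as `/* note: CAP_NET_BIND_SERVICE stays in the keep set even if the plugin fails to load */`. Separately, the `else` after `return NULL;` is redundant; a plain `if (!lib->caps->keep(lib->caps, CAP_NET_RAW))` reads more clearly as two independent requirements. The body of dhcp_plugin_create() continues past the end of the hunk.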