From 187a6f392c51eb8e07a1d997fff53adabe30f6d7 Mon Sep 17 00:00:00 2001
From: Alexander Gozman
Date: Thu, 19 Jan 2017 13:31:38 +0300
Subject: [PATCH] Bug #2009: added CAP_NET_ADMIN for PCAP and af-packet modes.

Without this capability suricata is unable to get network interface's settings.
---
 src/util-privs.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/util-privs.c b/src/util-privs.c
index 9b2a0058f6..d44cbc7b39 100644
--- a/src/util-privs.c
+++ b/src/util-privs.c
@@ -77,6 +77,7 @@ void SCDropMainThreadCaps(uint32_t userid, uint32_t groupid)
 capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
 CAP_NET_RAW, /* needed for pcap live mode */
 CAP_SYS_NICE,
+ CAP_NET_ADMIN,
 -1);
 break;
 case RUNMODE_PFRING:
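Review bot: The added `CAP_NET_ADMIN` entry has no comment saying why it is retained, unlike `CAP_NET_RAW` two lines above, and it is a much broader grant: it stays in both the effective and permitted sets of a process that parses untrusted traffic, and it covers interface, routing and firewall configuration rather than only reading interface settings. I would at least record the reason inline, `CAP_NET_ADMIN, /* needed to query interface settings, bug #2009 */`. If the settings are only read during startup (not visible in this hunk), the narrower option is to do that work before SCDropMainThreadCaps runs, or to drop the capability once capture is initialised. The case labels this call belongs to and the rest of the function lie outside the hunk, so which run modes receive the capability is taken from the commit subject.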