Bug #2009: added CAP_NET_ADMIN for PCAP and af-packet modes.

Without this capability suricata is unable to get network interface's settings.
9 years ago · 187a6f392c
parent 19e578a740
commit 187a6f392c
1 changed files with 1 additions and 0 deletions
--- a/src/util-privs.c
+++ b/src/util-privs.c
@ -77,6 +77,7 @@ void SCDropMainThreadCaps(uint32_t userid, uint32_t groupid)
            capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
                    CAP_NET_RAW,            /* needed for pcap live mode */
                    CAP_SYS_NICE,
+                    CAP_NET_ADMIN,
                    -1);
            break;
        case RUNMODE_PFRING: