Add AF_PACKET to capability system.

This patch adds the necessary code to have AF_PACKET using the same capability dropping mechanism as pcap. This should fix #361.
14 years ago · 7bf1de022c
parent 7eb83314b4
commit 7bf1de022c
1 changed files with 1 additions and 1 deletions
--- a/src/util-privs.c
+++ b/src/util-privs.c
@ -74,7 +74,7 @@ void SCDropMainThreadCaps(uint32_t userid, uint32_t groupid)
                      CAP_NET_RAW,            /* needed for pcap live mode */
                      CAP_NET_ADMIN,          /* needed for nfqueue inline mode */
                      -1);
-    } else if (run_mode == RUNMODE_PCAP_DEV) {
+    } else if (run_mode == RUNMODE_PCAP_DEV || run_mode == RUNMODE_AFP_DEV) {
        capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
                      CAP_NET_RAW,            /* needed for pcap live mode */
                      -1);