aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

privs: add capability CAP_SYS_NICE.

Browse Source 
Allows the setting of thread priorities after dropping privileges.
pull/2160/head
Jason Ish 10 years ago committed by Victor Julien
parent 6045420812
commit f0e22c91cb
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File

4
src/util-privs.c
Unescape Escape View File

@ -76,16 +76,18 @@ void SCDropMainThreadCaps(uint32_t userid, uint32_t groupid)
case RUNMODE_AFP_DEV: case RUNMODE_AFP_DEV:
capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
CAP_NET_RAW, /* needed for pcap live mode */ CAP_NET_RAW, /* needed for pcap live mode */
CAP_SYS_NICE,
-1); -1);
break; break;
case RUNMODE_PFRING: case RUNMODE_PFRING:
capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
CAP_NET_ADMIN, CAP_NET_RAW, CAP_NET_ADMIN, CAP_NET_RAW, CAP_SYS_NICE,
-1); -1);
break; break;
case RUNMODE_NFQ: case RUNMODE_NFQ:
capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
CAP_NET_ADMIN, /* needed for nfqueue inline mode */ CAP_NET_ADMIN, /* needed for nfqueue inline mode */
CAP_SYS_NICE,
-1); -1);
break; break;
} }

Write Preview
Loading…
Cancel
Save