connmark: Add CAP_NET_RAW to capabilities keep list
Fix for "Permission denied (you must be root)" error when calling iptc_init(), which opens a RAW socket to communicate with the kernel, when built with "--with-capabilities=libcap". Closes strongswan/strongswan#53. Fixes #2157.
This commit is contained in:
parent
e6a4bd83ff
commit
87875086d0
|
@ -90,6 +90,12 @@ plugin_t *connmark_plugin_create()
|
|||
return NULL;
|
||||
}
|
||||
|
||||
if (!lib->caps->keep(lib->caps, CAP_NET_RAW))
|
||||
{
|
||||
DBG1(DBG_NET, "connmark plugin requires CAP_NET_RAW capability");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.plugin = {
|
||||
|
|
Loading…
Reference in New Issue