Bug #2009: added CAP_NET_ADMIN for PCAP and af-packet modes.

Without this capability suricata is unable to get network interface's settings.
OISF · Jan 19, 2017 · 187a6f3 · 187a6f3
1 parent 19e578a
commit 187a6f3
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/util-privs.c b/src/util-privs.c
@@ -77,6 +77,7 @@ void SCDropMainThreadCaps(uint32_t userid, uint32_t groupid)
             capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
                     CAP_NET_RAW,            /* needed for pcap live mode */
                     CAP_SYS_NICE,
+                    CAP_NET_ADMIN,
                     -1);
             break;
         case RUNMODE_PFRING: