This repository has been archived by the owner on Nov 8, 2023. It is now read-only.

init.rc: add inet permission to VPN daemons explicitly.
Racoon still needs it after dropping root privilege, or pure IPSec VPN
will fail. Mtpd works without it because net_raw implies inet. However
it would be better to set all of them clearly without the assumption.

Change-Id: I50762af2c25ec9cc559e528c7b14f469494fd553
Chia-chi Yeh committed Aug 8, 2011
1 parent 0842f08 commit a246871
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions rootdir/init.rc
Expand Up @@ -487,15 +487,15 @@ service racoon /system/bin/racoon
class main
socket racoon stream 600 system system
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
group vpn net_admin
group vpn net_admin inet
disabled
oneshot

service mtpd /system/bin/mtpd
class main
socket mtpd stream 600 system system
user vpn
group vpn net_admin net_raw
group vpn net_admin inet net_raw
disabled
oneshot
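
Review bot: the comment above racoon's group line still explains only the port 500 bind and the setuid to vpn, so the reason inet is now listed lives only in the commit message. Extend that comment with something like `# inet is still required after the setuid, or pure IPSec VPN fails.` Likewise in the mtpd stanza, where the message says net_raw already implies inet, a one-line comment that inet is listed deliberately would keep a later cleanup from dropping it as redundant.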
