skip kernel_setup_interface when skip-kernel-setup is set #67

mweinelt · 2020-11-24T19:56:22Z

The skip-kernel-setup functions does not skip setting up the rp_filter setting in kernel_setup_interface. This prevents babeld from working as an unprivileged user with CAP_NET_ADMIN only.

Please make setting the rp_filter per interface conditional on skip-kernel-setup.

The text was updated successfully, but these errors were encountered:

Setting sysctls is not allowed for unprivileged users, so let's not try to set per interface rp_filter when `skip-kernel-setup` is set. After this change babeld can run as an unprivileged users with CAP_NET_ADMIN. The user needs to take care of setting up the sysctls themselves. Fixes: jech#67

jech · 2020-12-20T20:05:27Z

Fixed in f9698a5.

This comment has been minimized.

Sign in to view

mweinelt mentioned this issue Nov 24, 2020

Skip kernel_setup_interface when skip-kernel-setup is enabled. #68

Closed

jech closed this as completed Dec 20, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

skip kernel_setup_interface when skip-kernel-setup is set #67

skip kernel_setup_interface when skip-kernel-setup is set #67

mweinelt commented Nov 24, 2020

This comment has been minimized.

jech commented Dec 20, 2020

skip kernel_setup_interface when skip-kernel-setup is set #67

skip kernel_setup_interface when skip-kernel-setup is set #67

Comments

mweinelt commented Nov 24, 2020

This comment has been minimized.

jech commented Dec 20, 2020