capabilities: Some plugins don't actually require capabilities at runtime
[strongswan.git] / src / libcharon / plugins / kernel_libipsec / kernel_libipsec_plugin.c
index 003ea29..56f5262 100644 (file)
@@ -64,7 +64,7 @@ static bool create_router(private_kernel_libipsec_plugin_t *this,
        }
        else
        {
-               this->router->destroy(this->router);
+               DESTROY_IF(this->router);
        }
        return TRUE;
 }
@@ -102,6 +102,13 @@ plugin_t *kernel_libipsec_plugin_create()
 {
        private_kernel_libipsec_plugin_t *this;
 
+       if (!lib->caps->check(lib->caps, CAP_NET_ADMIN))
+       {       /* required to create TUN devices */
+               DBG1(DBG_KNL, "kernel-libipsec plugin requires CAP_NET_ADMIN "
+                        "capability");
+               return NULL;
+       }
+
        INIT(this,
                .public = {
                        .plugin = {