kernel-netlink: Make CAP_NET_ADMIN capability optional

author Tobias Brunner <tobias@strongswan.org>

Tue, 25 Jun 2013 06:49:55 +0000 (08:49 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Tue, 25 Jun 2013 15:16:32 +0000 (17:16 +0200)
author Tobias Brunner <tobias@strongswan.org>
Tue, 25 Jun 2013 06:49:55 +0000 (08:49 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 25 Jun 2013 15:16:32 +0000 (17:16 +0200)
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c

index 2db03d8..8d5a0d5 100644 (file)
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c
@@ -66,10 +66,11 @@ plugin_t *kernel_netlink_plugin_create()
         private_kernel_netlink_plugin_t *this;
  
         if (!lib->caps->keep(lib->caps, CAP_NET_ADMIN))
         private_kernel_netlink_plugin_t *this;
  
         if (!lib->caps->keep(lib->caps, CAP_NET_ADMIN))
-       {       /* required to bind/use XFRM sockets / create routing tables */
-               DBG1(DBG_KNL, "kernel-netlink plugin requires CAP_NET_ADMIN "
+       {       /* required to bind/use XFRM sockets / create/modify routing tables, but
+                * not if only the read-only parts of kernel-netlink-net are used, so
+                * we don't fail here */
+               DBG1(DBG_KNL, "kernel-netlink plugin might require CAP_NET_ADMIN "
                          "capability");
                          "capability");
-               return NULL;
         }
  
         INIT(this,
         }
  
         INIT(this,
author	Tobias Brunner <tobias@strongswan.org>
	Tue, 25 Jun 2013 06:49:55 +0000 (08:49 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Tue, 25 Jun 2013 15:16:32 +0000 (17:16 +0200)