{
private_dhcp_plugin_t *this;
- if (!lib->caps->keep(lib->caps, CAP_NET_BIND_SERVICE))
+ if (!lib->caps->check(lib->caps, CAP_NET_BIND_SERVICE))
{ /* required to bind DHCP socket (port 68) */
DBG1(DBG_NET, "dhcp plugin requires CAP_NET_BIND_SERVICE capability");
return NULL;
}
else if (!lib->caps->keep(lib->caps, CAP_NET_RAW))
- { /* required to open DHCP receive socket (AF_PACKET) */
+ { /* required to open DHCP receive socket (AF_PACKET). according to
+ * capabilities(7) it is also required to use the socket */
DBG1(DBG_NET, "dhcp plugin requires CAP_NET_RAW capability");
return NULL;
}
return NULL;
}
- if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ if (!lib->caps->check(lib->caps, CAP_CHOWN))
{ /* required to chown(2) notify socket */
DBG1(DBG_CFG, "duplicheck plugin requires CAP_CHOWN capability");
return NULL;
{
private_error_notify_plugin_t *this;
- if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ if (!lib->caps->check(lib->caps, CAP_CHOWN))
{ /* required to chown(2) notify socket */
DBG1(DBG_CFG, "error-notify plugin requires CAP_CHOWN capability");
return NULL;
private_farp_plugin_t *this;
if (!lib->caps->keep(lib->caps, CAP_NET_RAW))
- { /* required to open ARP socket (AF_PACKET) */
+ { /* required to open ARP socket (AF_PACKET). according to capabilities(7)
+ * it is also require to use the socket */
DBG1(DBG_NET, "farp plugin requires CAP_NET_RAW capability");
return NULL;
}
}
if (!lib->caps->keep(lib->caps, CAP_CHOWN))
- { /* required to chown(2) control socket */
+ { /* required to chown(2) control socket, ha_kernel also needs it at
+ * runtime */
DBG1(DBG_CFG, "ha plugin requires CAP_CHOWN capability");
return NULL;
}
{
private_kernel_libipsec_plugin_t *this;
- if (!lib->caps->keep(lib->caps, CAP_NET_ADMIN))
+ if (!lib->caps->check(lib->caps, CAP_NET_ADMIN))
{ /* required to create TUN devices */
DBG1(DBG_KNL, "kernel-libipsec plugin requires CAP_NET_ADMIN "
"capability");
return NULL;
}
- if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ if (!lib->caps->check(lib->caps, CAP_CHOWN))
{ /* required to chown(2) control socket */
DBG1(DBG_CFG, "load-tester plugin requires CAP_CHOWN capability");
return NULL;
{
private_lookip_plugin_t *this;
- if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ if (!lib->caps->check(lib->caps, CAP_CHOWN))
{ /* required to chown(2) control socket */
DBG1(DBG_CFG, "lookip plugin requires CAP_CHOWN capability");
return NULL;
private_smp_t *this;
mode_t old;
- if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ if (!lib->caps->check(lib->caps, CAP_CHOWN))
{ /* required to chown(2) control socket */
DBG1(DBG_CFG, "smp plugin requires CAP_CHOWN capability");
return NULL;
if ((this->port && this->port < 1024) || (this->natt && this->natt < 1024))
{
- if (!lib->caps->keep(lib->caps, CAP_NET_BIND_SERVICE))
+ if (!lib->caps->check(lib->caps, CAP_NET_BIND_SERVICE))
{
/* required to bind ports < 1024 */
DBG1(DBG_NET, "socket-default plugin requires CAP_NET_BIND_SERVICE "
{
private_stroke_plugin_t *this;
- if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ if (!lib->caps->check(lib->caps, CAP_CHOWN))
{ /* required to chown(2) stroke socket */
DBG1(DBG_CFG, "stroke plugin requires CAP_CHOWN capability");
return NULL;
{
private_whitelist_plugin_t *this;
- if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ if (!lib->caps->check(lib->caps, CAP_CHOWN))
{ /* required to chown(2) control socket */
DBG1(DBG_CFG, "whitelist plugin requires CAP_CHOWN capability");
return NULL;
{
private_kernel_pfkey_plugin_t *this;
- if (!lib->caps->keep(lib->caps, CAP_NET_ADMIN))
+ if (!lib->caps->check(lib->caps, CAP_NET_ADMIN))
{ /* required to open PF_KEY sockets */
DBG1(DBG_KNL, "kernel-pfkey plugin requires CAP_NET_ADMIN capability");
return NULL;