[iputils/f17: 6/7] Update capability patch to correctly fix ping6 as well.
jsynacek
jsynacek at fedoraproject.org
Fri Dec 7 14:11:38 UTC 2012
commit b0ee407b1ae206e3662db8241591fdf6b5bf3278
Author: Jan Synacek <jsynacek at redhat.com>
Date: Fri Dec 7 15:04:15 2012 +0100
Update capability patch to correctly fix ping6 as well.
iputils-20101006-caps.patch | 35 +++++++++++++++++++++++++++++++++++
1 files changed, 35 insertions(+), 0 deletions(-)
---
diff --git a/iputils-20101006-caps.patch b/iputils-20101006-caps.patch
index b59307f..04f19d4 100644
--- a/iputils-20101006-caps.patch
+++ b/iputils-20101006-caps.patch
@@ -251,3 +251,38 @@ Backported-by: Jan Synacek <jsynacek at redhat.com>
extern int send_probe(void);
extern int receive_error_msg(void);
+--- iputils-s20101006/ping6.c.orig 2012-12-07 14:56:59.000000000 +0100
++++ iputils-s20101006/ping6.c 2012-12-07 15:02:37.917640109 +0100
+@@ -534,9 +534,15 @@ int main(int argc, char *argv[])
+ #endif
+ static uint32_t scope_id = 0;
+
++ limit_capabilities();
++
++ enable_capability_raw();
++
+ icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
+ socket_errno = errno;
+
++ disable_capability_raw();
++
+ uid = getuid();
+ if (setuid(uid)) {
+ perror("ping: setuid");
+@@ -746,13 +752,16 @@ int main(int argc, char *argv[])
+ IN6_IS_ADDR_MC_LINKLOCAL(&firsthop.sin6_addr))
+ firsthop.sin6_scope_id = iface;
+ #endif
++ enable_capability_raw();
+ if (
+ #ifdef IPV6_RECVPKTINFO
+ setsockopt(probe_fd, IPPROTO_IPV6, IPV6_PKTINFO, &ipi, sizeof(ipi)) == -1 &&
+ #endif
+ setsockopt(probe_fd, SOL_SOCKET, SO_BINDTODEVICE, device, strlen(device)+1) == -1) {
+ perror("setsockopt(SO_BINDTODEVICE)");
++ exit(2);
+ }
++ disable_capability_raw();
+ }
+ firsthop.sin6_port = htons(1025);
+ if (connect(probe_fd, (struct sockaddr*)&firsthop, sizeof(firsthop)) == -1) {
More information about the scm-commits
mailing list