summary refs log tree commit diff
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2020-06-12 16:26:28 -0400
committerJune McEnroe <june@causal.agency>2020-06-12 16:26:28 -0400
commit0612bda26527c230814a9d5b1dec7f09f2a33eed (patch)
treef75c6b3059a543bb11fc5e9bbdc4b6b8d19d4a09
parentAdd additional permission for linking with LibreSSL (diff)
downloadpounce-0612bda26527c230814a9d5b1dec7f09f2a33eed.tar.gz
pounce-0612bda26527c230814a9d5b1dec7f09f2a33eed.zip
Grant CAP_SETSOCKOPT in dispatch 1.3p1
This fixes a major issue that somehow didn't surface until upgrading to
FreeBSD 12.1-RELEASE-p6, where since calico doesn't grant the
CAP_SETSOCKOPT capability on accepted sockets, pounce crashes trying to
set keepalive on sockets on receives from it.
-rw-r--r--dispatch.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/dispatch.c b/dispatch.c
index f9c714a..6b96e97 100644
--- a/dispatch.c
+++ b/dispatch.c
@@ -225,7 +225,7 @@ int main(int argc, char *argv[]) {
 
 	cap_rights_t dirRights, sockRights, unixRights, bindRights;
 	cap_rights_init(&dirRights, CAP_CONNECTAT);
-	cap_rights_init(&sockRights, CAP_EVENT, CAP_RECV, CAP_SEND);
+	cap_rights_init(&sockRights, CAP_EVENT, CAP_RECV, CAP_SEND, CAP_SETSOCKOPT);
 	cap_rights_init(&unixRights, CAP_CONNECT, CAP_SEND);
 	cap_rights_init(&bindRights, CAP_LISTEN, CAP_ACCEPT);
 	cap_rights_merge(&bindRights, &sockRights);