From 0612bda26527c230814a9d5b1dec7f09f2a33eed Mon Sep 17 00:00:00 2001
From: "C. McEnroe" <june@causal.agency>
Date: Fri, 12 Jun 2020 16:26:28 -0400
Subject: Grant CAP_SETSOCKOPT in dispatch

This fixes a major issue that somehow didn't surface until upgrading to
FreeBSD 12.1-RELEASE-p6, where since calico doesn't grant the
CAP_SETSOCKOPT capability on accepted sockets, pounce crashes trying to
set keepalive on sockets on receives from it.
---
 dispatch.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dispatch.c b/dispatch.c
index f9c714a..6b96e97 100644
--- a/dispatch.c
+++ b/dispatch.c
@@ -225,7 +225,7 @@ int main(int argc, char *argv[]) {
 
 	cap_rights_t dirRights, sockRights, unixRights, bindRights;
 	cap_rights_init(&dirRights, CAP_CONNECTAT);
-	cap_rights_init(&sockRights, CAP_EVENT, CAP_RECV, CAP_SEND);
+	cap_rights_init(&sockRights, CAP_EVENT, CAP_RECV, CAP_SEND, CAP_SETSOCKOPT);
 	cap_rights_init(&unixRights, CAP_CONNECT, CAP_SEND);
 	cap_rights_init(&bindRights, CAP_LISTEN, CAP_ACCEPT);
 	cap_rights_merge(&bindRights, &sockRights);
-- 
cgit 1.4.1