aghnet: imp permissions logic

Eugene Burkov
2023-02-06 16:11:55 +03:00
parent da1b53a3b4
commit 3918789ca7
5 changed files with 41 additions and 6 deletions


@@ -23,17 +23,17 @@ const dhcpcdConf = "etc/dhcpcd.conf"
func canBindPrivilegedPorts() (can bool, err error) {
res, err := unix.PrctlRetInt(
unix.PR_CAP_AMBIENT,
unix.PR_CAP_AMBIENT_RAISE,
unix.PR_CAPBSET_READ,
unix.CAP_NET_BIND_SERVICE,
0,
0,
0,
)
if err != nil {
if errors.Is(err, unix.EINVAL) {
// Older versions of Linux kernel do not support this. Print a
// warning and check admin rights.
log.Info("warning: cannot check capability cap_net_bind_service: %s", err)
log.Info("warning: cannot check cap_net_bind_service: %s", err)
} else {
return false, err
}
@@ -45,6 +45,21 @@ func canBindPrivilegedPorts() (can bool, err error) {
return res == 1 || adm, nil
}
func acquirePermissions() (err error) {
_, err = unix.PrctlRetInt(
unix.PR_CAP_AMBIENT,
unix.PR_CAP_AMBIENT_RAISE,
unix.CAP_NET_BIND_SERVICE,
0,
0,
)
if err != nil {
return fmt.Errorf("raising cap_net_bind_service: %w", err)
}
return nil
}
// dhcpcdStaticConfig checks if interface is configured by /etc/dhcpcd.conf to
// have a static IP.
func (n interfaceName) dhcpcdStaticConfig(r io.Reader) (subsources []string, cont bool, err error) {
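Review bot: In `canBindPrivilegedPorts`, `unix.PR_CAPBSET_READ` only reports whether `CAP_NET_BIND_SERVICE` is in the thread's bounding set, not whether the process holds it. The bounding set is normally full even for an unprivileged user, so `res == 1` would be true almost everywhere and the admin fallback would never matter. This assumes the `PR_CAPBSET_READ` line is the new side, since the page has lost its +/- markers. Reading the effective set with `unix.Capget`, or querying `unix.PR_CAP_AMBIENT_IS_SET`, would answer the question the function name asks. In `acquirePermissions`, the ambient raise is kept by every child the process executes and returns EPERM unless the capability is already permitted and inheritable, so a comment such as `// Ambient caps are inherited across execve; requires the cap in the permitted and inheritable sets.` would help. The middle of `canBindPrivilegedPorts`, where `adm` is set, lies outside both hunks.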