Browse Source

[privs/Solaris] Quagga should work in zones with IP instances

2007-09-18  Paul Jakma <paul.jakma@sun.com>

	* privs.c: definition of ZCAP_NET_ADMIN on Solaris should
	  be PRIV_SYS_IP_CONFIG, when that's available. Thus allowing
	  Quagga to work with in Solaris zones with exclusive IP
	  instances.
Paul Jakma 13 years ago
parent
commit
6b148faa29
2 changed files with 12 additions and 0 deletions
  1. 7 0
      lib/ChangeLog
  2. 5 0
      lib/privs.c

+ 7 - 0
lib/ChangeLog

@@ -1,3 +1,10 @@
+2007-09-18  Paul Jakma <paul.jakma@sun.com>
+
+	* privs.c: definition of ZCAP_NET_ADMIN on Solaris should
+	  be PRIV_SYS_IP_CONFIG, when that's available. Thus allowing
+	  Quagga to work with in Solaris zones with exclusive IP
+	  instances.
+
 2007-08-21 Denis Ovsienko
 
 	* sockopt.[ch]: (setsockopt_so_sendbuf, getsockopt_so_sendbuf):

+ 5 - 0
lib/privs.c

@@ -117,7 +117,12 @@ static struct
   /* Quagga -> Solaris privilege mappings */
   [ZCAP_SETID] =	{ 1, (pvalue_t []) { PRIV_PROC_SETID		}, },
   [ZCAP_BIND] = 	{ 1, (pvalue_t []) { PRIV_NET_PRIVADDR		}, },
+  /* IP_CONFIG is a subset of NET_CONFIG and is allowed in zones */
+#ifdef PRIV_SYS_IP_CONFIG
+  [ZCAP_NET_ADMIN] =	{ 1, (pvalue_t []) { PRIV_SYS_IP_CONFIG	}, },
+#else
   [ZCAP_NET_ADMIN] =	{ 1, (pvalue_t []) { PRIV_SYS_NET_CONFIG	}, },
+#endif
   [ZCAP_NET_RAW] = 	{ 2, (pvalue_t []) { PRIV_NET_RAWACCESS,
                                              PRIV_NET_ICMPACCESS 	}, },
   [ZCAP_CHROOT] = 	{ 1, (pvalue_t []) { PRIV_PROC_CHROOT		}, },