Commit f9698a56 authored by Martin Weinelt's avatar Martin Weinelt Committed by Juliusz Chroboczek

Skip kernel_setup_interface when `skip-kernel-setup` is enabled.

Setting sysctls is not allowed for unprivileged users, so let's not try
to set per interface rp_filter when `skip-kernel-setup` is set.

After this change babeld can run as an unprivileged user with
CAP_NET_ADMIN. The user needs to take care of setting up the sysctls
themselves.
parent bd67a650
...@@ -283,9 +283,12 @@ the command-line option ...@@ -283,9 +283,12 @@ the command-line option
.BR \-D . .BR \-D .
.TP .TP
.BR skip-kernel-setup " {" true | false } .BR skip-kernel-setup " {" true | false }
If this flag is set, no kernel (sysctl) setup is performed on startup. This can If this flag is set, no kernel (sysctl) setup is performed on startup, and
be useful when running in environments where system permissions prevent setting it is assumed that enabling forwarding, disabling redirects and disabling
kernel parameters, for instance inside a Linux container. the reverse-path filter is performed by other means. This can be useful
when running in environments where system permissions prevent setting
kernel parameters, for instance without root permissions or inside a Linux
container.
.TP .TP
.BI router-id " id" .BI router-id " id"
Specify the router-id explicitly, as a modified EUI-64 or a MAC-48 Specify the router-id explicitly, as a modified EUI-64 or a MAC-48
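Review bot: the new description of `skip-kernel-setup` still leaves the privilege requirement implicit; "without root permissions" reads as if the flag makes babeld fully unprivileged, while the commit message states that CAP_NET_ADMIN is still needed (for route and interface manipulation). Suggest adding a sentence such as "babeld still requires CAP_NET_ADMIN to install routes" so an operator does not drop that capability and then see silent route-installation failures. Also, since this commit makes the flag cover the per-interface sysctls too, the man page should say so explicitly (e.g. "no kernel (sysctl) setup, global or per-interface, is performed"), and "enabling forwarding, disabling redirects and disabling the reverse-path filter is performed" should read "are performed".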
...@@ -553,7 +553,8 @@ kernel_setup(int setup) ...@@ -553,7 +553,8 @@ kernel_setup(int setup)
} }
nl_setup = 1; nl_setup = 1;
if(skip_kernel_setup) return 1; if(skip_kernel_setup)
return 1;
for(i=0; i<NUM_SYSCTLS; i++) { for(i=0; i<NUM_SYSCTLS; i++) {
s = &sysctl_settings[i]; s = &sysctl_settings[i];
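Review bot: this hunk only rewraps the existing `if(skip_kernel_setup) return 1;` onto two lines; there is no behavioural change in `kernel_setup`. A whitespace-only edit is better kept out of a functional commit (or mentioned in the message), and it is at odds with the new check added in `kernel_setup_interface`, which uses the one-line form this hunk is moving away from; pick one style for both sites.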
...@@ -680,6 +681,8 @@ get_old_if(const char *ifname) ...@@ -680,6 +681,8 @@ get_old_if(const char *ifname)
int int
kernel_setup_interface(int setup, const char *ifname, int ifindex) kernel_setup_interface(int setup, const char *ifname, int ifindex)
{ {
if(skip_kernel_setup) return 1;
char buf[100]; char buf[100];
int i, rc; int i, rc;
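Review bot: the new `if(skip_kernel_setup) return 1;` is placed before the declarations `char buf[100];` and `int i, rc;`, so `kernel_setup_interface` now has a statement before its declarations. That breaks the declarations-first style used elsewhere in this file and triggers -Wdeclaration-after-statement (an error under strict C89); move the check to just after the declarations. Worth confirming in the message that returning 1 (success) from both the setup and teardown paths is intended: with the flag set, nothing is read or restored for the interface, so the reverse-path filter state is entirely the operator's responsibility, which matches the commit message's intent.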