11 Mar
2015
11 Mar
'15
12:07 p.m.
On Monday 23 February 2015 20:18:50 Sven Eckelmann wrote:
The alfred process only requires the capability to bind to a raw socket (CAP_NET_RAW). It is enough to mark this capability as permitted on program startup and mark it again as effective whenever a new netsock is initialized. All other capabilities can be dropped completely.
Signed-off-by: Sven Eckelmann sven@narfation.org
Applied in revision b0877b3 (just replaced that "B.A.T.M.A.N. debugging comment).
Thanks! Simon