Commit f9698a56 authored by Martin Weinelt, committed by Juliusz Chroboczek

Skip kernel_setup_interface when `skip-kernel-setup` is enabled.

Setting sysctls is not allowed for unprivileged users, so let's not try
to set per interface rp_filter when `skip-kernel-setup` is set.

After this change babeld can run as an unprivileged user with
CAP_NET_ADMIN. The user needs to take care of setting up the sysctls
themselves.
parent bd67a650
......@@ -283,9 +283,12 @@ the command-line option
.BR \-D .
.TP
.BR skip-kernel-setup " {" true | false }
If this flag is set, no kernel (sysctl) setup is performed on startup. This can
be useful when running in environments where system permissions prevent setting
kernel parameters, for instance inside a Linux container.
If this flag is set, no kernel (sysctl) setup is performed on startup, and
it is assumed that enabling forwarding, disabling redirects and disabling
the reverse-path filter is performed by other means. This can be useful
when running in environments where system permissions prevent setting
kernel parameters, for instance without root permissions or inside a Linux
container.
.TP
.BI router-id " id"
Specify the router-id explicitly, as a modified EUI-64 or a MAC-48
......
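Review bot: the new skip-kernel-setup paragraph says the flag is useful "without root permissions" but does not say what privilege is still needed; the commit message states that babeld then runs with CAP_NET_ADMIN, and that requirement belongs in the man page as well. The text should also say that the per-interface reverse-path filter is left untouched, so an administrator knows to configure it on every interface babeld uses. Minor grammar point: "enabling forwarding, disabling redirects and disabling the reverse-path filter is performed" should read "are performed".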
......@@ -553,7 +553,8 @@ kernel_setup(int setup)
}
nl_setup = 1;
if(skip_kernel_setup) return 1;
if(skip_kernel_setup)
return 1;
for(i=0; i<NUM_SYSCTLS; i++) {
s = &sysctl_settings[i];
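Review bot: splitting `if(skip_kernel_setup) return 1;` onto two lines in kernel_setup is a formatting-only change that the commit message does not mention. Either move it to a separate cleanup commit, or keep it and give the new check in kernel_setup_interface the same two-line form so the two checks read alike.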
......@@ -680,6 +681,8 @@ get_old_if(const char *ifname)
int
kernel_setup_interface(int setup, const char *ifname, int ifindex)
{
if(skip_kernel_setup) return 1;
char buf[100];
int i, rc;
......
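Review bot: in kernel_setup_interface the early return sits ahead of the declarations of buf, i and rc, which mixes a statement into the declaration block; move it below `int i, rc;`. A one-line comment stating that the per-interface rp_filter is left to the administrator when skip_kernel_setup is set would make the intent clear to a reader who has not seen the commit message.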