From 10ff3f6d075a3ef000f87912d2c400e8a8818206 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
Date: Fri, 18 Jan 2008 12:37:28 +0000
Subject: Max Kellermann : there is no need to check capabilities - the socket() call will fail a few lines later anyway, producing an error message which is good enough.
---
 src/main.c | 52 ----------------------------------------------------
 1 file changed, 52 deletions(-)
(limited to 'src/main.c')
diff --git a/src/main.c b/src/main.c
index 3d8cfe9..0aa5317 100644
--- a/src/main.c
+++ b/src/main.c
@@ -23,14 +23,10 @@
 #include
 #include
 #include
-#include
 #include
 #include
 #include
-#undef _POSIX_SOURCE
-#include
-
 struct ct_general_state st;
 union ct_state state;
@@ -79,39 +75,6 @@ set_operation_mode(int *current, int want, char *argv[])
 }
 }
-static int check_capabilities(void)
-{
- int ret;
- cap_user_header_t hcap;
- cap_user_data_t dcap;
-
- hcap = malloc(sizeof(cap_user_header_t));
- if (!hcap)
- return -1;
-
- hcap->version = _LINUX_CAPABILITY_VERSION;
- hcap->pid = getpid();
-
- dcap = malloc(sizeof(cap_user_data_t));
- if (!dcap) {
- free(hcap);
- return -1;
- }
-
- if (capget(hcap, dcap) == -1) {
- free(hcap);
- free(dcap);
- return -1;
- }
-
- ret = dcap->permitted & (1 << CAP_NET_ADMIN);
-
- free(hcap);
- free(dcap);
-
- return ret;
-}
-
 int main(int argc, char *argv[])
 {
 int ret, i, config_set = 0, action = -1;
@@ -136,21 +99,6 @@ int main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
- ret = check_capabilities();
- switch (ret) {
- case -1:
- fprintf(stderr, "Can't get capabilities\n");
- exit(EXIT_FAILURE);
- break;
- case 0:
- fprintf(stderr, "You require CAP_NET_ADMIN in order "
- "to run conntrackd\n");
- exit(EXIT_FAILURE);
- break;
- default:
- break;
- }
-
 for (i=1; i