From 884c0e111247f770f120aca7e52e0fa190f04c70 Mon Sep 17 00:00:00 2001 From: Luigi Rizzo Date: Thu, 2 Oct 2014 21:34:52 +0000 Subject: [PATCH] add CAP_EVENT for the libpcap device so we will be able to use pcap--netmap which does poll() on the file descriptor MFC after: 2 weeks --- contrib/tcpdump/tcpdump.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/contrib/tcpdump/tcpdump.c b/contrib/tcpdump/tcpdump.c index b2124a65aa15..af34f88f8224 100644 --- a/contrib/tcpdump/tcpdump.c +++ b/contrib/tcpdump/tcpdump.c @@ -1533,7 +1533,12 @@ main(int argc, char **argv) if (RFileName == NULL && VFileName == NULL) { static const unsigned long cmds[] = { BIOCGSTATS }; - cap_rights_init(&rights, CAP_IOCTL, CAP_READ); + /* + * the various libpcap devices use a combination of + * read (bpf), ioctl (bpf, netmap), poll (netmap) + * so we add the relevant access rights. + */ + cap_rights_init(&rights, CAP_IOCTL, CAP_READ, CAP_EVENT); if (cap_rights_limit(pcap_fileno(pd), &rights) < 0 && errno != ENOSYS) { error("unable to limit pcap descriptor");