On Sun, 06 May 2018 01:05:51 +0300 =?utf-8?q?Mantas_Mikul=C4=97nas?= <g raw...@nullroute.eu.org> wrote: > Package: iproute2 > Version: 4.16.0-2 > Severity: normal > > zerotier-one (a mesh-VPN program) calls `ip addr add` as non-root, but > with the necessary capabilities present (ambient, inheritable, and > effective). > > However, the latest iproute2 version made `ip` drop all capabilities > unconditionally (except for `ip vrf exec`), so this no longer works -- > ip receives "Operation not permitted" and ZeroTier becomes unable to > configure its tunnel interface, making the VPN completely unusable.
Hi, Which capabilities does zerotier-one use and need? The solution is simple if there's no overlap with vrf exec, otherwise it's going to get hairy. -- Kind regards, Luca Boccassi
signature.asc
Description: This is a digitally signed message part
