The DHCPv4 server doesn't need CAP_NET_ADMIN if always broadcasting.

CAP_NET_ADMIN is needed in the DHCPv4 code to place entries into the ARP cache. If it's configured to unconditionally broadcast to unconfigured clients, it never touches the ARP cache and doesn't need CAP_NET_ADMIN. Thanks to Martin Ivičič <max.enhanced@gmail.com> for prompting this.
2025-12-19 10:18:25 +00:00 · 2024-02-21 00:46:25 +00:00
parent ccff85ad72
commit 9adbf009a6
1 changed files with 4 additions and 1 deletions
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -313,9 +313,12 @@ int main (int argc, char **argv)
    {
      dhcp_init();
 #   ifdef HAVE_LINUX_NETWORK
+      /* Need NET_RAW to send ping. */
      if (!option_bool(OPT_NO_PING))
 	need_cap_net_raw = 1;
-      need_cap_net_admin = 1;
+      /* Need NET_ADMIN to change ARP cache if not always broadcasting. */
+      if (daemon->force_broadcast == NULL || daemon->force_broadcast->list != NULL)
+        need_cap_net_admin = 1;
 #   endif
    }