CONNTRACK needs CAP_NET_ADMIN.

2025-12-19 10:18:25 +00:00 · 2021-08-05 23:40:04 +01:00
parent 8389b943d3
commit a163c63787
2 changed files with 11 additions and 2 deletions
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -212,8 +212,13 @@ int main (int argc, char **argv)
 #endif

 #ifdef HAVE_CONNTRACK
-  if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
-    die (_("cannot use --conntrack AND --query-port"), NULL, EC_BADCONF); 
+  if (option_bool(OPT_CONNTRACK))
+    {
+      if (daemon->query_port != 0 || daemon->osport)
+	die (_("cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
+
+      need_cap_net_admin = 1;
+    }
 #else
  if (option_bool(OPT_CONNTRACK))
    die(_("conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);