Mercurial > hg > nginx
comparison src/stream/ngx_stream_proxy_module.c @ 7174:84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
The capability is retained automatically in unprivileged worker processes after
changing UID if transparent proxying is enabled at least once in nginx
configuration.
The feature is only available in Linux.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Wed, 13 Dec 2017 20:40:53 +0300 |
| parents | 9c29644f6d03 |
| children | ec4d95eed062 |
comparison
equal
deleted
inserted
replaced
| 7173:057adb2a9d23 | 7174:84e53e4735a4 |
|---|---|
| 2153 } | 2153 } |
| 2154 | 2154 |
| 2155 if (cf->args->nelts > 2) { | 2155 if (cf->args->nelts > 2) { |
| 2156 if (ngx_strcmp(value[2].data, "transparent") == 0) { | 2156 if (ngx_strcmp(value[2].data, "transparent") == 0) { |
| 2157 #if (NGX_HAVE_TRANSPARENT_PROXY) | 2157 #if (NGX_HAVE_TRANSPARENT_PROXY) |
| 2158 ngx_core_conf_t *ccf; | |
| 2159 | |
| 2160 ccf = (ngx_core_conf_t *) ngx_get_conf(cf->cycle->conf_ctx, | |
| 2161 ngx_core_module); | |
| 2162 | |
| 2163 ccf->transparent = 1; | |
| 2158 local->transparent = 1; | 2164 local->transparent = 1; |
| 2159 #else | 2165 #else |
| 2160 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | 2166 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
| 2161 "transparent proxying is not supported " | 2167 "transparent proxying is not supported " |
| 2162 "on this platform, ignored"); | 2168 "on this platform, ignored"); |