Add ability to set high ToS bits as non-root on Linux using libcap (issue #7047 reported by maddison)

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@43830 65c4cc65-6c06-0410-ace0-fbb531ad65f3
author: Joshua Colp <jcolp@digium.com> 2006-09-27 21:48:01 +0000
committer: Joshua Colp <jcolp@digium.com> 2006-09-27 21:48:01 +0000
commit: 4116cfc38722b1b9df13edf9637d4153568dc6a4 (patch)
tree: 19c66ba038f1893d8d10044cd5ee80620f7260eb /doc/security.txt
parent: 7a336e9f9daeeb0133a584491ffbf4d35bb3f0dd (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/security.txt b/doc/security.txt
index 3290cba48..8abe9177d 100644
--- a/doc/security.txt
+++ b/doc/security.txt
@@ -28,6 +28,13 @@ The IAX2 protocol supports strong RSA key authentication as well as
 AES encryption of voice and signalling. The SIP channel does not
 support encryption in this version of Asterisk.
 
+By default, if you have libcap available, Asterisk will try to retain the
+CAP_NET_ADMIN capability when running as a non-root user. If you do not need
+that capability you may want to configure Asterisk with --without-cap; however,
+this will prevent Asterisk from being able to mark high ToS bits under Linux.
+More information on CAP_NET_ADMIN is available at:
+http://www.lids.org/lids-howto/node48.html
+
 * DIALPLAN SECURITY
 
 First and foremost remember this:
author	Joshua Colp <jcolp@digium.com>	2006-09-27 21:48:01 +0000
committer	Joshua Colp <jcolp@digium.com>	2006-09-27 21:48:01 +0000
commit	4116cfc38722b1b9df13edf9637d4153568dc6a4 (patch)
tree	19c66ba038f1893d8d10044cd5ee80620f7260eb /doc/security.txt
parent	7a336e9f9daeeb0133a584491ffbf4d35bb3f0dd (diff)