The systemd unit grants AmbientCapabilities=CAP_NET_ADMIN so the API service can program host-side macvlan/ipvlan interfaces without running as root, but setup_host_macvlan/_ipvlan rejected with euid!=0 before even trying — making web-driven 'decnet deploy' impossible under the privilege model the unit advertises. Replace _require_root with _require_net_admin, which reads CapEff from /proc/self/status and accepts the cap (bit 12) as well as euid==0. No libcap dep — pure /proc parse.
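The check this commit message describes, as an added example that is not the project's own code: read `CapEff` from the process status text and accept either bit 12 (CAP_NET_ADMIN) or euid 0. The names `parse_cap_eff`, `has_net_admin` and `require_net_admin` are hypothetical, and the sample status text is constructed.

```python
import os

CAP_NET_ADMIN = 12  # bit index of CAP_NET_ADMIN in the capability mask

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
SAMPLE_WITH_CAP = "Name:\tapi\nCapPrm:\t0000000000001000\nCapEff:\t0000000000001000\n"
SAMPLE_NO_CAP = "Name:\tapi\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"


def parse_cap_eff(status_text):
    """Return the effective capability mask as an int, or None if absent/garbled."""
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "CapEff":
            try:
                return int(value.strip(), 16)  # the kernel prints the mask as hex
            except ValueError:
                return None
    return None


def has_net_admin(status_text, euid):
    """True if euid is 0 or the effective set contains CAP_NET_ADMIN."""
    if euid == 0:
        return True
    mask = parse_cap_eff(status_text)
    # Fail closed: a missing or unparsable CapEff line counts as "no capability".
    return mask is not None and bool(mask & (1 << CAP_NET_ADMIN))


def require_net_admin(status_path="/proc/self/status"):
    """Raise PermissionError unless this process can program host interfaces."""
    try:
        with open(status_path, encoding="ascii", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = ""  # no procfs available: only euid 0 can pass
    if not has_net_admin(text, os.geteuid()):
        raise PermissionError("CAP_NET_ADMIN (or root) is required")


if __name__ == "__main__":
    print("with cap, uid 1000:", has_net_admin(SAMPLE_WITH_CAP, 1000))
    print("no cap,   uid 1000:", has_net_admin(SAMPLE_NO_CAP, 1000))
```

The check reads the effective set because `AmbientCapabilities=` only helps if the capability actually lands in `CapEff` of the running process; permitted-only capabilities would not let the netlink calls succeed.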