|
@@ -965,6 +965,17 @@ wpa_priv can control multiple interface with one process, but it is
|
|
|
also possible to run multiple wpa_priv processes at the same time, if
|
|
also possible to run multiple wpa_priv processes at the same time, if
|
|
|
desired.
|
|
desired.
|
|
|
|
|
|
|
|
|
|
+It should be noted that the interface used between wpa_supplicant and
|
|
|
|
|
+wpa_priv does not include all the capabilities of the wpa_supplicant
|
|
|
|
|
+driver interface and at times, this interface lacks update especially
|
|
|
|
|
+for recent addition. Consequently, use of wpa_priv does come with the
|
|
|
|
|
+price of somewhat reduced available functionality. The next section
|
|
|
|
|
+describing how wpa_supplicant can be used with reduced privileges
|
|
|
|
|
+without having to handle the complexity of separate wpa_priv. While that
|
|
|
|
|
+approve does not provide separation for network admin capabilities, it
|
|
|
|
|
+does allow other root privileges to be dropped without the drawbacks of
|
|
|
|
|
+the wpa_priv process.
|
|
|
|
|
+
|
|
|
|
|
|
|
|
Linux capabilities instead of privileged process
|
|
Linux capabilities instead of privileged process
|
|
|
------------------------------------------------
|
|
------------------------------------------------
|
Jouni Malinen