From 0771e912ae570a75b03fe9c52bc18b1db272602c Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 3 Dec 2016 17:49:37 +0200 Subject: [PATCH] wpa_priv: Document reduced functionality wpa_priv has never really been fully up-to-date with the wpa_supplicant driver interface extensions. This does not seem like something that would change in the future either, so document this reduced functionality as a potential drawback. Signed-off-by: Jouni Malinen --- wpa_supplicant/README | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/wpa_supplicant/README b/wpa_supplicant/README index 11ab01a9c..54564f64d 100644 --- a/wpa_supplicant/README +++ b/wpa_supplicant/README @@ -965,6 +965,17 @@ wpa_priv can control multiple interface with one process, but it is also possible to run multiple wpa_priv processes at the same time, if desired. +It should be noted that the interface used between wpa_supplicant and +wpa_priv does not include all the capabilities of the wpa_supplicant +driver interface and at times, this interface lacks update especially +for recent addition. Consequently, use of wpa_priv does come with the +price of somewhat reduced available functionality. The next section +describing how wpa_supplicant can be used with reduced privileges +without having to handle the complexity of separate wpa_priv. While that +approve does not provide separation for network admin capabilities, it +does allow other root privileges to be dropped without the drawbacks of +the wpa_priv process. + Linux capabilities instead of privileged process ------------------------------------------------