From 8501a85292df93c5cf9a7d96ef193c8d25170482 Mon Sep 17 00:00:00 2001
From: Eugene Burkov <e.burkov@adguard.com>
Date: Fri, 4 Dec 2020 17:06:19 +0300
Subject: [PATCH] Pull request: fix binding capability defining

Merge in DNS/adguard-home from 2391-updating-bug to master

Updates #2391.
Updates #2231.

Squashed commit of the following:

commit b321884e6ade04375dad3b981c2920500ff6f645
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Fri Dec 4 16:54:20 2020 +0300

    all: log changes

commit 5aa0202a6f6d2abdfc37daee4b0d64f8cee8a62c
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Fri Dec 4 14:42:10 2020 +0300

    sysutil: fix binding capability defining
---
 CHANGELOG.md                 | 7 ++++---
 internal/sysutil/os_linux.go | 7 ++++++-
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index aa3afd28..5b144fb2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,11 +26,11 @@ and this project adheres to
 
 ### Changed
 
-- Post-updating relaunch possibility is now determined OS-dependently ([#2231]).
+- Post-updating relaunch possibility is now determined OS-dependently ([#2231], [#2391]).
 - Made the mobileconfig HTTP API more robust and predictable, add parameters and
   improve error response ([#2358]).
-- Improved HTTP requests handling and timeouts. ([#2343]).
-- Our snap package now uses the `core20` image as its base [#2306].
+- Improved HTTP requests handling and timeouts ([#2343]).
+- Our snap package now uses the `core20` image as its base ([#2306]).
 - Various internal improvements ([#2271], [#2297]).
 
 [#2231]: https://github.com/AdguardTeam/AdGuardHome/issues/2231
@@ -39,6 +39,7 @@ and this project adheres to
 [#2306]: https://github.com/AdguardTeam/AdGuardHome/issues/2306
 [#2343]: https://github.com/AdguardTeam/AdGuardHome/issues/2343
 [#2358]: https://github.com/AdguardTeam/AdGuardHome/issues/2358
+[#2391]: https://github.com/AdguardTeam/AdGuardHome/issues/2391
 
 ### Fixed
 
diff --git a/internal/sysutil/os_linux.go b/internal/sysutil/os_linux.go
index cfe8cf85..7f20e11e 100644
--- a/internal/sysutil/os_linux.go
+++ b/internal/sysutil/os_linux.go
@@ -12,7 +12,10 @@ import (
 
 func canBindPrivilegedPorts() (can bool, err error) {
 	cnbs, err := unix.PrctlRetInt(unix.PR_CAP_AMBIENT, unix.PR_CAP_AMBIENT_IS_SET, unix.CAP_NET_BIND_SERVICE, 0, 0)
-	return cnbs == 1, err
+	// Don't check the error because it's always nil on Linux.
+	adm, _ := haveAdminRights()
+
+	return cnbs == 1 || adm, err
 }
 
 func setRlimit(val uint) {
@@ -26,6 +29,8 @@ func setRlimit(val uint) {
 }
 
 func haveAdminRights() (bool, error) {
+	// The error is nil because the platform-independent function signature
+	// requires returning an error.
 	return os.Getuid() == 0, nil
 }