Changeset 1383

Set CAP_NET_ADMIN after setuid() to allow setting
all TOS bits (needed for DiffServ).

Committed by:  armin
Date:  Feb 14 2006 * 18:32 (over 2 years ago)

Affected files:

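--- a/openpbx/trunk/corelib/openpbx.c
+++ b/openpbx/trunk/corelib/openpbx.c
@@ -79,6 +79,9 @@
 #include <netdb.h>
 #endif
 
+#undef _POSIX_SOURCE
+#include <sys/capability.h>
+
 #include "openpbx.h"
 
 OPENPBX_FILE_VERSION("$HeadURL$", "$Revision$")
@@ -2058,7 +2061,20 @@
 if (!is_child_of_nonroot) {
 struct group *gr;
 struct passwd *pw;
+cap_user_header_t cap_header;
+cap_user_data_t cap_data;
 
+cap_header = alloca(sizeof(*cap_header));
+cap_data = alloca(sizeof(*cap_data));
+if (cap_header != NULL) {
+cap_header->version = _LINUX_CAPABILITY_VERSION;
+cap_header->pid = 0;
+}
+/* inherit our capabilities */
+if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) {
+opbx_log(LOG_WARNING, "Unable to keep capabilities: %s\n", strerror(errno));
+}
+
 gr = getgrnam(rungroup);
 if (!gr) {
 opbx_log(LOG_ERROR, "No such group '%s'!\n", rungroup);
@@ -2124,6 +2140,18 @@
 opbx_verbose("Now running as user '' (%d)\n", getegid());
 }
 }
+if ((cap_header != NULL) && (cap_data != NULL)) {
+/* get current capabilities */
+if (capget(cap_header, cap_data) == -1) {
+opbx_log(LOG_WARNING, "Unable to get capabilities\n");
+}
+cap_data->effective = 1 << CAP_NET_ADMIN;
+/* set capabilities including NET_ADMIN */
+/* this allows us to e.g. set all TOS bits */
+if (capset(cap_header, cap_data) == -1) {
+opbx_log(LOG_WARNING, "Unable to set new capabilities (CAP_NET_ADMIN)\n");
+}
+}
 }
 
 /* Check if we're root */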
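Review bot: The block added at new lines 2143-2154 narrows only `cap_data->effective`, so the permitted and inheritable sets keep whatever capget() returned. With PR_SET_KEEPCAPS enabled before the uid change, that is presumably the full root permitted set, which leaves the privilege drop incomplete because the process can re-enable any of those capabilities later. Restrict all three sets, e.g. `cap_data->permitted = cap_data->effective = 1 << CAP_NET_ADMIN;` and `cap_data->inheritable = 0;`. capset() is also still called when capget() has failed, on alloca() memory that was never initialised, so skip it in that case; the NULL checks do not help because alloca() does not report failure. The enclosing function starts and ends outside the visible hunks.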