ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

fixed stuid()/setgid() and error handling

This commit is contained in:
Martin Willi 2007-10-01 09:07:10 +00:00
parent 9f3c55cdc4
commit 92232dab33
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/charon/daemon.c
View File

@ -231,10 +231,16 @@ static void drop_capabilities(private_daemon_t *this, bool full)
if (full)
{
# if IPSEC_GID
setgid(IPSEC_GID);
if (setgid(IPSEC_GID) != 0)
{
kill_daemon(this, "changing GID to unprivileged group failed");
}
# endif
# if IPSEC_UID
setuid(IPSEC_UID);
if (setuid(IPSEC_UID) != 0)
{
kill_daemon(this, "changing UID to unprivileged user failed");
}
# endif
}
else
@ -247,6 +253,10 @@ static void drop_capabilities(private_daemon_t *this, bool full)
keep |= (1<<CAP_DAC_READ_SEARCH);
/* CAP_CHOWN to change file permissions (socket permissions) */
keep |= (1<<CAP_CHOWN);
/* CAP_SETUID to call setuid() */
keep |= (1<<CAP_SETUID);
/* CAP_SETGID to call setgid() */
keep |= (1<<CAP_SETGID);
}
hdr.version = _LINUX_CAPABILITY_VERSION;