diff options
| author | Ulrich Drepper <drepper@redhat.com> | 2006-04-26 16:29:29 +0000 |
|---|---|---|
| committer | Ulrich Drepper <drepper@redhat.com> | 2006-04-26 16:29:29 +0000 |
| commit | 1f063dcadb802c57759e2ca2bf9c08e108bb3d70 (patch) | |
| tree | 9405434ef42f90e6a2591ac60e36aacb8454edb5 /nscd/connections.c | |
| parent | cf86bbe6da1d90170e0ee09b5baae15332c917f2 (diff) | |
2006-04-26 James Antill <james.antill@redhat.com>
Ulrich Drepper <drepper@redhat.com>
* config.make.in: Add have-libcap.
* configure.in: Check for libcap.
* nscd/Makefile (selinux-LIBS): Add -lcap if possible.
* nscd/connections.c (finish_drop_privileges): When libcap is available
call preserve_capabilities and install_real_capabilities.
* nscd/selinux.c: Define preserve_capabilities and
install_real_capabilities.
* nscd/selinux.h: Declare preserve_capabilities and
install_real_capabilities.
Diffstat (limited to 'nscd/connections.c')
| -rw-r--r-- | nscd/connections.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nscd/connections.c b/nscd/connections.c index d975b1818f..b24e7fb527 100644 --- a/nscd/connections.c +++ b/nscd/connections.c @@ -1859,6 +1859,11 @@ begin_drop_privileges (void) static void finish_drop_privileges (void) { +#if defined HAVE_LIBAUDIT && defined HAVE_LIBCAP + /* We need to preserve the capabilities to connect to the audit daemon. */ + cap_t new_caps = preserve_capabilities (); +#endif + if (setgroups (server_ngroups, server_groups) == -1) { dbg_log (_("Failed to run nscd as user '%s'"), server_user); @@ -1878,4 +1883,9 @@ finish_drop_privileges (void) perror ("setuid"); exit (4); } + +#if defined HAVE_LIBAUDIT && defined HAVE_LIBCAP + /* Remove the temporary capabilities. */ + install_real_capabilities (new_caps); +#endif } |