Author: coppice
Date: 2007-04-05 05:51:36 -0400 (Thu, 05 Apr 2007)
New Revision: 2589
Modified:
openpbx/trunk/corelib/openpbx.c
Log:
iChanged the way capabilties are controlled, so avoid some
"issues".
Modified: openpbx/trunk/corelib/openpbx.c
============================================================
=======
--- openpbx/trunk/corelib/openpbx.c 2007-04-05 07:23:55 UTC
(rev 2588)
+++ openpbx/trunk/corelib/openpbx.c 2007-04-05 09:51:36 UTC
(rev 2589)
 -2046,12
+2046,6
cap_user_header_t cap_header;
cap_user_data_t cap_data;
- cap_header = alloca(sizeof(*cap_header));
- cap_data = alloca(sizeof(*cap_data));
- if (cap_header != NULL) {
- cap_header->version = _LINUX_CAPABILITY_VERSION;
- cap_header->pid = 0;
- }
/* inherit our capabilities */
if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) {
opbx_log(LOG_WARNING, "Unable to keep capabilities:
%sn", strerror(errno));
-2122,17
+2116,18
}
#if defined(__linux__)
- if ((cap_header != NULL) && (cap_data != NULL))
{
- /* get current capabilities */
- if (capget(cap_header, cap_data) == -1) {
- opbx_log(LOG_WARNING, "Unable to get
capabilitiesn");
- }
- cap_data->effective = 1 << CAP_NET_ADMIN;
- /* set capabilities including NET_ADMIN */
- /* this allows us to e.g. set all TOS bits */
- if (capset(cap_header, cap_data) == -1) {
- opbx_log(LOG_WARNING, "Unable to set new
capabilities (CAP_NET_ADMIN)n");
- }
+ cap_header = alloca(sizeof(*cap_header));
+ cap_data = alloca(sizeof(*cap_data));
+ cap_header->version = _LINUX_CAPABILITY_VERSION;
+ cap_header->pid = 0;
+ cap_data->effective = 1 << CAP_NET_ADMIN;
+ cap_data->permitted = cap_data->effective;
+ cap_data->inheritable = 0;
+ /* set capabilities including NET_ADMIN */
+ /* this allows us to e.g. set all TOS bits */
+ if (capset(cap_header, cap_data) == -1) {
+ opbx_log(LOG_ERROR, "Unable to set new capabilities
(CAP_NET_ADMIN)n");
+ exit(1);
}
#endif
}
_______________________________________________
Openpbx-svn mailing list
Openpbx-svnopenpbx.org
http://lists.openpbx.org/mailman/listinfo/openpbx-svn
|