authorTobias Brunner <tobias@strongswan.org>2013-06-25 09:03:00 +0200
committerTobias Brunner <tobias@strongswan.org>2013-06-25 17:16:33 +0200
commit1091edede8b8308bccd3f0d356ab77d70cb97559 (patch)
treec1c18b23c3db2ee463984dd19529253e7e02451b
parent19375384403d08624a405a5e733d99bb5be62e2e (diff)
downloadstrongswan-1091edede8b8308bccd3f0d356ab77d70cb97559.tar.bz2
strongswan-1091edede8b8308bccd3f0d356ab77d70cb97559.tar.xz
capabilities: CAP_CHOWN might be required by many plugins opening UNIX sockets
But as the sockets will be created with the user/group of the running process, the capability might not actually be required, because no ownership change may be needed.
-rw-r--r--src/libcharon/plugins/duplicheck/duplicheck_plugin.c6
-rw-r--r--src/libcharon/plugins/error_notify/error_notify_plugin.c6
-rw-r--r--src/libcharon/plugins/ha/ha_plugin.c6
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_plugin.c6
-rw-r--r--src/libcharon/plugins/lookip/lookip_plugin.c6
-rw-r--r--src/libcharon/plugins/smp/smp.c6
-rw-r--r--src/libcharon/plugins/stroke/stroke_plugin.c6
-rw-r--r--src/libcharon/plugins/whitelist/whitelist_plugin.c6
8 files changed, 48 insertions, 0 deletions
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_plugin.c b/src/libcharon/plugins/duplicheck/duplicheck_plugin.c
index 4d018dbef..d6e652d59 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck_plugin.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck_plugin.c
@@ -98,6 +98,12 @@ plugin_t *duplicheck_plugin_create()
return NULL;
}
+ if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ { /* required to chown(2) notify socket */
+ DBG1(DBG_CFG, "duplicheck plugin requires CAP_CHOWN capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
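Review bot: The added check makes a missing CAP_CHOWN fatal for the plugin (`return NULL`), while the commit message itself says the capability may not be needed because the socket is created with the user/group of the running process. In a deployment that withholds CAP_CHOWN on purpose (for example a restricted capability bounding set), duplicheck would refuse to load even when no ownership change is required; the same pattern is repeated in the error_notify, ha, load_tester, lookip, smp, stroke and whitelist hunks. Consider wording the comment to match what is known, e.g. `/* needed only if the notify socket has to be chown(2)ed to a different user/group */`, and either logging and continuing here or failing at the point where chown(2) itself fails. The body of duplicheck_plugin_create() continues outside the hunk, so the socket-creation path cannot be checked from here.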
diff --git a/src/libcharon/plugins/error_notify/error_notify_plugin.c b/src/libcharon/plugins/error_notify/error_notify_plugin.c
index a1e4351eb..48b3d94db 100644
--- a/src/libcharon/plugins/error_notify/error_notify_plugin.c
+++ b/src/libcharon/plugins/error_notify/error_notify_plugin.c
@@ -92,6 +92,12 @@ plugin_t *error_notify_plugin_create()
{
private_error_notify_plugin_t *this;
+ if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ { /* required to chown(2) notify socket */
+ DBG1(DBG_CFG, "error-notify plugin requires CAP_CHOWN capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c
index 677985c57..e7697dc4f 100644
--- a/src/libcharon/plugins/ha/ha_plugin.c
+++ b/src/libcharon/plugins/ha/ha_plugin.c
@@ -179,6 +179,12 @@ plugin_t *ha_plugin_create()
return NULL;
}
+ if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ { /* required to chown(2) control socket */
+ DBG1(DBG_CFG, "ha plugin requires CAP_CHOWN capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c
index 6fee2bf3b..a32a2a435 100644
--- a/src/libcharon/plugins/load_tester/load_tester_plugin.c
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c
@@ -269,6 +269,12 @@ plugin_t *load_tester_plugin_create()
return NULL;
}
+ if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ { /* required to chown(2) control socket */
+ DBG1(DBG_CFG, "load-tester plugin requires CAP_CHOWN capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
diff --git a/src/libcharon/plugins/lookip/lookip_plugin.c b/src/libcharon/plugins/lookip/lookip_plugin.c
index 319d72753..89bdad92e 100644
--- a/src/libcharon/plugins/lookip/lookip_plugin.c
+++ b/src/libcharon/plugins/lookip/lookip_plugin.c
@@ -92,6 +92,12 @@ plugin_t *lookip_plugin_create()
{
private_lookip_plugin_t *this;
+ if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ { /* required to chown(2) control socket */
+ DBG1(DBG_CFG, "lookip plugin requires CAP_CHOWN capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c
index 0c240cf7f..d13b82216 100644
--- a/src/libcharon/plugins/smp/smp.c
+++ b/src/libcharon/plugins/smp/smp.c
@@ -739,6 +739,12 @@ plugin_t *smp_plugin_create()
private_smp_t *this;
mode_t old;
+ if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ { /* required to chown(2) control socket */
+ DBG1(DBG_CFG, "smp plugin requires CAP_CHOWN capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
diff --git a/src/libcharon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c
index 4e47a120d..6c4687f4a 100644
--- a/src/libcharon/plugins/stroke/stroke_plugin.c
+++ b/src/libcharon/plugins/stroke/stroke_plugin.c
@@ -91,6 +91,12 @@ plugin_t *stroke_plugin_create()
{
private_stroke_plugin_t *this;
+ if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ { /* required to chown(2) stroke socket */
+ DBG1(DBG_CFG, "stroke plugin requires CAP_CHOWN capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
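Review bot: Nothing in this hunk bounds how long CAP_CHOWN stays available. If keep() adds the capability to the set the daemon retains after dropping privileges (inferred from the call; the capabilities code is not part of this diff), a one-time chown(2) of the stroke socket leaves the process able to change file ownership for its whole lifetime, which reduces what the privilege drop protects against if the daemon is compromised later. A comment recording when the capability is actually used would make that trade-off reviewable, e.g. `/* CAP_CHOWN: presumably needed only while the stroke socket is set up; confirm, and release afterwards if possible */`. The same consideration applies to the other seven plugins touched by this commit, and stroke_plugin_create() continues outside the hunk.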
diff --git a/src/libcharon/plugins/whitelist/whitelist_plugin.c b/src/libcharon/plugins/whitelist/whitelist_plugin.c
index 5ba3e1449..4f397d76e 100644
--- a/src/libcharon/plugins/whitelist/whitelist_plugin.c
+++ b/src/libcharon/plugins/whitelist/whitelist_plugin.c
@@ -92,6 +92,12 @@ plugin_t *whitelist_plugin_create()
{
private_whitelist_plugin_t *this;
+ if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+ { /* required to chown(2) control socket */
+ DBG1(DBG_CFG, "whitelist plugin requires CAP_CHOWN capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {