refactored strongswan manager

removed buggy request parsing code, use ClearSilvers CGI kit instead fixed CHILD_SA listing in manager (needs better design) using secure XML communication through unix sockets removed images with questionable (non-GPL) license
author: Martin Willi <martin@strongswan.org> 2007-09-26 14:02:21 +0000
committer: Martin Willi <martin@strongswan.org> 2007-09-26 14:02:21 +0000
commit: c295d0eb4b11a024d1607f6a80275f372c345c08 (patch)
tree: ec3b578e771898bbf3ca35c1ae43e77ffdcea9d9 /src/charon/daemon.c
parent: a9522e16003dd9f9fc7dc998a9017dbb41a65273 (diff)
download: strongswan-c295d0eb4b11a024d1607f6a80275f372c345c08.tar.bz2
strongswan-c295d0eb4b11a024d1607f6a80275f372c345c08.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/src/charon/daemon.c b/src/charon/daemon.c
index 9ef80a626..56b737ad6 100644
--- a/src/charon/daemon.c
+++ b/src/charon/daemon.c
@@ -245,6 +245,8 @@ static void drop_capabilities(private_daemon_t *this, bool full)
 		keep |= (1<<CAP_NET_RAW);
 		/* CAP_DAC_READ_SEARCH to read ipsec.secrets */
 		keep |= (1<<CAP_DAC_READ_SEARCH);
+		/* CAP_CHOWN to change file permissions (socket permissions) */
+		keep |= (1<<CAP_CHOWN);
 	}
 
 	hdr.version = _LINUX_CAPABILITY_VERSION;
@@ -552,6 +554,7 @@ int main(int argc, char *argv[])
 	if (pid_file)
 	{
 		fprintf(pid_file, "%d\n", getpid());
+		fchown(fileno(pid_file), IPSEC_UID, IPSEC_GID);
 		fclose(pid_file);
 	}
author	Martin Willi <martin@strongswan.org>	2007-09-26 14:02:21 +0000
committer	Martin Willi <martin@strongswan.org>	2007-09-26 14:02:21 +0000
commit	c295d0eb4b11a024d1607f6a80275f372c345c08 (patch)
tree	ec3b578e771898bbf3ca35c1ae43e77ffdcea9d9 /src/charon/daemon.c
parent	a9522e16003dd9f9fc7dc998a9017dbb41a65273 (diff)
download	strongswan-c295d0eb4b11a024d1607f6a80275f372c345c08.tar.bz2 strongswan-c295d0eb4b11a024d1607f6a80275f372c345c08.tar.xz