author | Tobias Brunner <tobias@strongswan.org> | 2013-05-08 17:14:29 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-06-25 17:16:32 +0200 |
commit | 2e21bac19aebd661b70ddb9741fa86e205e89e59 (patch) | |
tree | 4136baac843eb8ff545e8dd642fc16e856be1f5e /src/libcharon/daemon.c | |
parent | a65024264379bacc2733282f2b59b8c14e3897c0 (diff) | |
download | strongswan-2e21bac19aebd661b70ddb9741fa86e205e89e59.tar.bz2 strongswan-2e21bac19aebd661b70ddb9741fa86e205e89e59.tar.xz |
capabilities: Ensure required capabilities are actually held by the process/user
Diffstat (limited to 'src/libcharon/daemon.c')
-rw-r--r-- | src/libcharon/daemon.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index 70262b736..e375ab731 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -591,8 +591,6 @@ private_daemon_t *daemon_create(const char *name)
 this->public.shunts = shunt_manager_create();
 this->kernel_handler = kernel_handler_create();
- this->public.caps->keep(this->public.caps, CAP_NET_ADMIN);
-
 return this;
 }
@@ -628,6 +626,12 @@ bool libcharon_init(const char *name)
 this = daemon_create(name);
+ if (!this->public.caps->keep(this->public.caps, CAP_NET_ADMIN))
+ {
+ dbg(DBG_DMN, 1, "libcharon requires CAP_NET_ADMIN capability");
+ return FALSE;
+ }
+
 /* for uncritical pseudo random numbers */
 srandom(time(NULL) + getpid());
 |
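Review bot: The new failure path in libcharon_init, `return FALSE;` after the CAP_NET_ADMIN check, leaves the daemon object built by `daemon_create(name)` just above it alive, and nothing visible in the hunk releases it. If callers are expected to call `libcharon_deinit()` even when init fails, record that next to the check, e.g. `/* abort startup if CAP_NET_ADMIN is not held; caller still cleans up via libcharon_deinit() */`; otherwise tear the object down before returning. The comment is also the place to say that keep() returning FALSE is treated as fatal so the daemon stops here instead of, presumably, failing later on privileged operations. The body of libcharon_init continues outside the hunk, so any cleanup further down is not visible here.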