capabilities: CAP_CHOWN might be required by many plugins opening UNIX sockets

But as the sockets will be created with the user/group of the running process this might not be required as no change may be needed.
author: Tobias Brunner <tobias@strongswan.org> 2013-06-25 09:03:00 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2013-06-25 17:16:33 +0200
commit: 1091edede8b8308bccd3f0d356ab77d70cb97559 (patch)
tree: c1c18b23c3db2ee463984dd19529253e7e02451b /src/libcharon/plugins/ha/ha_plugin.c
parent: 19375384403d08624a405a5e733d99bb5be62e2e (diff)
download: strongswan-1091edede8b8308bccd3f0d356ab77d70cb97559.tar.bz2
strongswan-1091edede8b8308bccd3f0d356ab77d70cb97559.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c
index 677985c57..e7697dc4f 100644
--- a/src/libcharon/plugins/ha/ha_plugin.c
+++ b/src/libcharon/plugins/ha/ha_plugin.c
@@ -179,6 +179,12 @@ plugin_t *ha_plugin_create()
 		return NULL;
 	}
 
+	if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+	{	/* required to chown(2) control socket */
+		DBG1(DBG_CFG, "ha plugin requires CAP_CHOWN capability");
+		return NULL;
+	}
+
 	INIT(this,
 		.public = {
 			.plugin = {
author	Tobias Brunner <tobias@strongswan.org>	2013-06-25 09:03:00 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2013-06-25 17:16:33 +0200
commit	1091edede8b8308bccd3f0d356ab77d70cb97559 (patch)
tree	c1c18b23c3db2ee463984dd19529253e7e02451b /src/libcharon/plugins/ha/ha_plugin.c
parent	19375384403d08624a405a5e733d99bb5be62e2e (diff)
download	strongswan-1091edede8b8308bccd3f0d356ab77d70cb97559.tar.bz2 strongswan-1091edede8b8308bccd3f0d356ab77d70cb97559.tar.xz