Merge branch 'check-caps'

Plugins may now ensure the process has all the required capabilities.
Some minor changes to UID/GID handling are also included.

1 files changed, 8 insertions, 2 deletions

diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c
index ad5029d1c..d13b82216 100644
--- a/src/libcharon/plugins/smp/smp.c
+++ b/src/libcharon/plugins/smp/smp.c
@@ -739,6 +739,12 @@ plugin_t *smp_plugin_create()
 	private_smp_t *this;
 	mode_t old;
 
+	if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+	{	/* required to chown(2) control socket */
+		DBG1(DBG_CFG, "smp plugin requires CAP_CHOWN capability");
+		return NULL;
+	}
+
 	INIT(this,
 		.public = {
 			.plugin = {
@@ -768,8 +774,8 @@ plugin_t *smp_plugin_create()
 		return NULL;
 	}
 	umask(old);
-	if (chown(unix_addr.sun_path, charon->caps->get_uid(charon->caps),
-			  charon->caps->get_gid(charon->caps)) != 0)
+	if (chown(unix_addr.sun_path, lib->caps->get_uid(lib->caps),
+			  lib->caps->get_gid(lib->caps)) != 0)
 	{
 		DBG1(DBG_CFG, "changing XML socket permissions failed: %s", strerror(errno));
 	}