-rw-r--r--src/charon-nm/nm/nm_backend.c12
-rw-r--r--src/libstrongswan/plugins/agent/agent_plugin.c8
-rw-r--r--src/libstrongswan/plugins/agent/agent_private_key.c1
-rw-r--r--src/libstrongswan/utils/capabilities.h3
4 files changed, 10 insertions, 14 deletions
diff --git a/src/charon-nm/nm/nm_backend.c b/src/charon-nm/nm/nm_backend.c
index f474dad60..ebebde2c0 100644
--- a/src/charon-nm/nm/nm_backend.c
+++ b/src/charon-nm/nm/nm_backend.c
@@ -22,10 +22,6 @@
#include <daemon.h>
#include <processing/jobs/callback_job.h>
-#ifndef CAP_DAC_OVERRIDE
-#define CAP_DAC_OVERRIDE 1
-#endif
-
typedef struct nm_backend_t nm_backend_t;
/**
@@ -143,14 +139,6 @@ static bool nm_backend_init()
return FALSE;
}
- /* bypass file permissions to read from users ssh-agent */
- if (!lib->caps->keep(lib->caps, CAP_DAC_OVERRIDE))
- {
- DBG1(DBG_CFG, "NM backend requires CAP_DAC_OVERRIDE capability");
- nm_backend_deinit();
- return FALSE;
- }
-
lib->processor->queue_job(lib->processor,
(job_t*)callback_job_create_with_prio((callback_job_cb_t)run, this,
NULL, (callback_job_cancel_t)cancel, JOB_PRIO_CRITICAL));
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c
index 322ded48c..dc6adc457 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.c
+++ b/src/libstrongswan/plugins/agent/agent_plugin.c
@@ -63,6 +63,13 @@ plugin_t *agent_plugin_create()
{
private_agent_plugin_t *this;
+ /* required to connect to ssh-agent socket */
+ if (!lib->caps->keep(lib->caps, CAP_DAC_OVERRIDE))
+ {
+ DBG1(DBG_DMN, "agent plugin requires CAP_DAC_OVERRIDE capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
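Review bot: The `keep()` call added at the top of `agent_plugin_create()` retains CAP_DAC_OVERRIDE in every daemon that loads the agent plugin, where previously only the charon-nm backend asked for it, and the one-line comment does not say how broad that capability is. CAP_DAC_OVERRIDE bypasses file read, write and execute permission checks for the whole process, so (presumably, once the daemon has dropped its other privileges) file modes no longer contain a path-handling bug elsewhere in the daemon. I would expand the comment to something like `/* CAP_DAC_OVERRIDE bypasses all file permission checks process-wide; kept only to connect to another user's ssh-agent socket */` and note in the plugin documentation that it should be loaded only where agent-backed keys are actually configured. The function body continues past the end of this hunk, so whether the caller handles the new `NULL` return cleanly cannot be confirmed from here.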
@@ -75,4 +82,3 @@ plugin_t *agent_plugin_create()
return &this->public.plugin;
}
-
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index 8a3fb150a..c2e82a9f1 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -442,4 +442,3 @@ agent_private_key_t *agent_private_key_open(key_type_t type, va_list args)
}
return &this->public;
}
-
diff --git a/src/libstrongswan/utils/capabilities.h b/src/libstrongswan/utils/capabilities.h
index fe11a4dfc..20c18554b 100644
--- a/src/libstrongswan/utils/capabilities.h
+++ b/src/libstrongswan/utils/capabilities.h
@@ -44,6 +44,9 @@ typedef struct capabilities_t capabilities_t;
#ifndef CAP_NET_RAW
# define CAP_NET_RAW 13
#endif
+#ifndef CAP_DAC_OVERRIDE
+# define CAP_DAC_OVERRIDE 1
+#endif
/**
* POSIX capability dropping abstraction layer.