diff options
| author | Klaus Schmidinger <vdr@tvdr.de> | 2019-03-18 13:39:56 +0100 |
|---|---|---|
| committer | Klaus Schmidinger <vdr@tvdr.de> | 2019-03-18 13:39:56 +0100 |
| commit | 1fa861ecb9fa6327af7e8b6af213ead16fe76f47 (patch) | |
| tree | 91b87756a4b40e61bda42149857023ca0d97afba /vdr.c | |
| parent | 2cf207b53ed5502eea44ccff04aea714cc88ca99 (diff) | |
| download | vdr-1fa861ecb9fa6327af7e8b6af213ead16fe76f47.tar.gz vdr-1fa861ecb9fa6327af7e8b6af213ead16fe76f47.tar.bz2 | |
Fixed dropping capabilities in case cap_sys_time is not available
Diffstat (limited to 'vdr.c')
| -rw-r--r-- | vdr.c | 22 |
1 files changed, 20 insertions, 2 deletions
@@ -22,7 +22,7 @@ * * The project's page is at http://www.tvdr.de * - * $Id: vdr.c 4.28 2019/03/12 10:01:16 kls Exp $ + * $Id: vdr.c 4.29 2019/03/18 11:17:07 kls Exp $ */ #include <getopt.h> @@ -126,7 +126,25 @@ static bool SetUser(const char *User, bool UserDump) static bool DropCaps(void) { // drop all capabilities except selected ones - cap_t caps = cap_from_text("= cap_sys_nice,cap_sys_time,cap_net_raw=ep"); + cap_t caps_all = cap_get_proc(); + if (!caps_all) { + fprintf(stderr, "vdr: cap_get_proc failed: %s\n", strerror(errno)); + return false; + } + char *caps_text = cap_to_text(caps_all, NULL); + if (!caps_text) { + fprintf(stderr, "vdr: cap_to_text failed: %s\n", strerror(errno)); + return false; + } + if (cap_free(caps_all)) { + fprintf(stderr, "vdr: cap_free failed: %s\n", strerror(errno)); + return false; + } + cap_t caps; + if (strstr(caps_text,"cap_sys_time")) + caps = cap_from_text("= cap_sys_nice,cap_sys_time,cap_net_raw=ep"); + else + caps = cap_from_text("= cap_sys_nice,cap_net_raw=ep"); if (!caps) { fprintf(stderr, "vdr: cap_from_text failed: %s\n", strerror(errno)); return false; |