Commit 77771185 authored by Brian Wellington's avatar Brian Wellington

(#260) Running named as a non-root user failed on Linux kernels new enough to

support retaining capabilities after setuid().
parent bb54e57a
260. [bug] Running named as a non-root user failed on Linux
kernels new enough to support retaining capabilities
after setuid().
259. [func] New random-device and random-seed-file statements
for global options block of named.conf. Both accept
a single string argument.
......
......@@ -38,6 +38,7 @@ static char *pidfile = NULL;
#ifdef HAVE_LINUXTHREADS
static pid_t mainpid = 0;
static isc_boolean_t non_root_caps = ISC_FALSE;
static isc_boolean_t non_root = ISC_FALSE;
#endif
#ifdef HAVE_LINUX_CAPABILITY_H
......@@ -66,7 +67,7 @@ linux_setcaps(unsigned int caps) {
struct __user_cap_header_struct caphead;
struct __user_cap_data_struct cap;
if (getuid() != 0 && !non_root_caps)
if ((getuid() != 0 && !non_root_caps) || non_root)
return;
memset(&caphead, 0, sizeof caphead);
......@@ -153,8 +154,11 @@ linux_keepcaps(void) {
if (errno != EINVAL)
ns_main_earlyfatal("prctl() failed: %s",
strerror(errno));
} else
} else {
non_root_caps = ISC_TRUE;
if (getuid() != 0)
non_root = ISC_TRUE;
}
}
#endif
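Review bot: The new `|| non_root` early return in linux_setcaps() makes a process that was started as non-root skip capset() entirely, so any capabilities it already holds are never reduced to the requested set and nothing records that the drop was skipped. If that is intended (presumably because such a process cannot acquire the requested capabilities and capset() would fail), say so at the check, e.g. `/* Started as non-root: we cannot gain capabilities, so leave the current set unchanged. */`, and consider a name such as `started_non_root`, since the flag sits next to the similarly named `non_root_caps`. The flag is also declared inside the `#ifdef HAVE_LINUXTHREADS` block but used under `HAVE_LINUX_CAPABILITY_H`, which would not compile if only the latter is defined; `non_root_caps` already has the same placement, so this may be deliberate. The bodies of linux_setcaps() and linux_keepcaps() continue outside the visible hunks.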
......