Mercurial > dovecot > core-2.2
view src/master/capabilities-posix.c @ 19552:0f22db71df7a
global: freshen copyright
git ls-files | xargs perl -p -i -e 's/(\d+)-201[0-5]/$1-2016/g;s/ (201[0-5]) Dovecot/ $1-2016 Dovecot/'
author | Timo Sirainen <timo.sirainen@dovecot.fi> |
---|---|
date | Wed, 13 Jan 2016 12:24:03 +0200 |
parents | 3009a1a6f6d5 |
children | 2e2563132d5f |
line wrap: on
line source
/* Copyright (c) 2013-2016 Dovecot authors, see the included COPYING file */ #include "common.h" #include "capabilities.h" #ifdef HAVE_LIBCAP #include <sys/capability.h> void drop_capabilities(void) { /* the capabilities that we *need* in order to operate */ static cap_value_t suidcaps[] = { CAP_CHOWN, CAP_KILL, CAP_SYS_CHROOT, CAP_SETUID, CAP_SETGID, CAP_NET_BIND_SERVICE, /* we may want to open any config/log files */ CAP_DAC_OVERRIDE }; cap_t caps; caps = cap_init(); cap_clear(caps); cap_set_flag(caps, CAP_PERMITTED, N_ELEMENTS(suidcaps), suidcaps, CAP_SET); cap_set_flag(caps, CAP_EFFECTIVE, N_ELEMENTS(suidcaps), suidcaps, CAP_SET); cap_set_proc(caps); cap_free(caps); } #endif