Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/master/capabilities-posix.c @ 9490:fd84592e817b HEAD
dovecot-example.conf: Updated dict comments.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Mon, 23 Nov 2009 13:08:47 -0500 |
| parents | 59490181469e |
| children |
| rev | line source |
|---|---|
|
5789
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
1 #include "common.h" |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
2 #include "capabilities.h" |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
3 |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
4 #ifdef HAVE_LIBCAP |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
5 |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
6 #include <sys/capability.h> |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
7 |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
8 void drop_capabilities(void) |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
9 { |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
10 /* the capabilities that we *need* in order to operate */ |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
11 static cap_value_t suidcaps[] = { |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
12 CAP_CHOWN, |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
13 CAP_SYS_CHROOT, |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
14 CAP_SETUID, |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
15 CAP_SETGID, |
|
5823
c1b32cd98e68
Preserve DAC_OVERRIDE capability. We may want to open any config/log files.
root@hurina
parents:
5789
diff
changeset
|
16 CAP_NET_BIND_SERVICE, |
|
c1b32cd98e68
Preserve DAC_OVERRIDE capability. We may want to open any config/log files.
root@hurina
parents:
5789
diff
changeset
|
17 /* we may want to open any config/log files */ |
|
c1b32cd98e68
Preserve DAC_OVERRIDE capability. We may want to open any config/log files.
root@hurina
parents:
5789
diff
changeset
|
18 CAP_DAC_OVERRIDE |
|
5789
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
19 }; |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
20 cap_t caps; |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
21 |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
22 caps = cap_init(); |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
23 cap_clear(caps); |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
24 cap_set_flag(caps, CAP_PERMITTED, |
|
6494
59490181469e
Use N_ELEMENTS() macro instead of doing sizeof()/sizeof([0]) ourself.
Timo Sirainen <tss@iki.fi>
parents:
5823
diff
changeset
|
25 N_ELEMENTS(suidcaps), suidcaps, CAP_SET); |
|
5789
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
26 cap_set_flag(caps, CAP_EFFECTIVE, |
|
6494
59490181469e
Use N_ELEMENTS() macro instead of doing sizeof()/sizeof([0]) ourself.
Timo Sirainen <tss@iki.fi>
parents:
5823
diff
changeset
|
27 N_ELEMENTS(suidcaps), suidcaps, CAP_SET); |
|
5789
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
28 cap_set_proc(caps); |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
29 cap_free(caps); |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
30 } |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
31 |
|
4f22660ffd33
Move POSIX capabilities dropping into separate function.
Andrey Panin <pazke@donpac.ru>
parents:
diff
changeset
|
32 #endif |