18 Apr
2011
18 Apr
'11
7:23 p.m.
Serge Hallyn <serge.hallyn@canonical.com> writes:
(A-ha - great idea from Andrew - we *can* figure out whether the kernel knows about CAP_SYSLOG, using the bounding set API)
If cap_syslog exists, the kernel will complain (once) that we only have cap_sys_admin. Additionally, using cap_syslog instead of cap_sys_admin significantly lowers the unneeded privs we are using.
Changelog: v2: At startup, detect whether libcap knows about CAP_SYSLOG. (Thanks to Gergely Nagy for pointing out that case) v3: Andrew Morgan pointed out a nice way to detect whether the kernel has CAP_SYSLOG. Thanks, Andrew!
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Looks good to me! -- |8]