[syslog-ng] [Bug 42] capabilities, chown, chmod

bugzilla at bugzilla.balabit.com bugzilla at bugzilla.balabit.com
Tue May 5 15:10:04 CEST 2009


https://bugzilla.balabit.com/show_bug.cgi?id=42





--- Comment #3 from Zbigniew Krzystolik <zbyniu at pld-linux.org>  2009-05-05 15:10:04 ---
Created an attachment (id=14)
 --> (https://bugzilla.balabit.com/attachment.cgi?id=14)
Better CAPs support

+  if (privileged)
+      g_process_cap_modify(CAP_SYS_ADMIN, TRUE);
+  saved_caps = g_process_cap_save();

Add CAP_SYS_ADMIN permanently on open /proc/kmsg but only if it is used. If you remove source /proc/kmsg and reload
cap will not be dropped.

+  g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE);

CAP_DAC_OVERRIDE before create_containing_directory

-  if (privileged)
-    {
-      g_process_cap_restore(saved_caps);
-    }
+  g_process_cap_restore(saved_caps);

Restore caps always.

I've tested it all please review.


-- 
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.


More information about the syslog-ng mailing list