commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject svn commit: r980512 - /commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c
Date Thu, 29 Jul 2010 17:10:18 GMT
Author: mturk
Date: Thu Jul 29 17:10:17 2010
New Revision: 980512

URL: http://svn.apache.org/viewvc?rev=980512&view=rev
Log:
DAEMON-168: WIthout CAP_DAC_OVERRIDE, the caps_set_proc fails

Modified:
    commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c

Modified: commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c
URL: http://svn.apache.org/viewvc/commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c?rev=980512&r1=980511&r2=980512&view=diff
==============================================================================
--- commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c (original)
+++ commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c Thu Jul 29 17:10:17 2010
@@ -156,7 +156,8 @@ static cap_value_t caps_std[] = {
     CAP_NET_BIND_SERVICE,
     CAP_SETUID,
     CAP_SETGID,
-    CAP_DAC_READ_SEARCH
+    CAP_DAC_READ_SEARCH,
+    CAP_DAC_OVERRIDE
 };
 
 static cap_value_t caps_min[] = {
@@ -188,10 +189,15 @@ static int set_caps(int cap_type)
     cap_set_flag(c, CAP_INHERITABLE, ncap, caps, CAP_SET);
     cap_set_flag(c, CAP_PERMITTED,   ncap, caps, CAP_SET);
     if (cap_set_proc(c) != 0) {
-        log_error("failed setting capabilities in set_caps");
+        log_error("failed setting %s capabilities.",
+                  cap_type == CAPS ? "default" : "min");
         return -1;
     }
     cap_free(c);
+    if (cap_type == CAPS)
+        log_debug("increased capability set.");
+    else
+        log_debug("decreased capability set to min required.");
     return 0;
 }
 



Mime
View raw message