commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Spikings (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DAEMON-320) Can't bind raw sockets in Daemon init method
Date Mon, 30 Jun 2014 14:31:26 GMT
Peter Spikings created DAEMON-320:
-------------------------------------

             Summary: Can't bind raw sockets in Daemon init method
                 Key: DAEMON-320
                 URL: https://issues.apache.org/jira/browse/DAEMON-320
             Project: Commons Daemon
          Issue Type: Bug
          Components: Jsvc
    Affects Versions: 1.0.15
         Environment: Linux with open JDK 7 and jsvc 1.0.8 (bug still exists in 1.0.15)
            Reporter: Peter Spikings
            Priority: Minor


The documentation states that Daemon.init might be called with super user privileges on systems
that support that concept but on Linux compiled with libcap and -user specified it is called
as that user with a few capabilities set which are removed before start is called. This is
based on my readon of jsvc-unix.c which might be wrong.

This is fine if you want to bind to a socket but inadequate if you want to use a capability
which is not included. In my case I need CAP_NET_RAW (utilized by JNI) but the way jsvc is
implemented makes it impossible to do so unless I run the daemon as root or recompile without
libcap.

I suggest either adding a command line flag which makes it remain as root during init or alternatively
provide a way to specify additional capabilities needed during the init call.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message