From 7f2216c931380a1302207459c4116ef509e7dbb0 Mon Sep 17 00:00:00 2001 From: Michal 'vorner' Vaner Date: Sat, 5 Jul 2014 20:48:20 +0200 Subject: [PATCH] Autodetect if we want to support capabilities --- ucw/Makefile | 5 ++++- ucw/daemon.c | 6 ++++++ ucw/daemon.h | 4 ++++ ucw/default.cfg | 3 +++ ucw/perl/UCW/Configure/LibUCW.pm | 5 +++++ 5 files changed, 22 insertions(+), 1 deletion(-) diff --git a/ucw/Makefile b/ucw/Makefile index 160abd5c..9b1d0ff4 100644 --- a/ucw/Makefile +++ b/ucw/Makefile @@ -92,7 +92,7 @@ include $(s)/ucw/doc/Makefile LIBUCW_MOD_PATHS=$(addprefix $(o)/ucw/,$(LIBUCW_MODS)) -export LIBUCW_LIBS=-lm -lcap +export LIBUCW_LIBS=-lm ifdef CONFIG_UCW_THREADS LIBUCW_LIBS+=-lpthread endif @@ -102,6 +102,9 @@ endif ifdef CONFIG_UCW_MONOTONIC_CLOCK LIBUCW_LIBS+=-lrt endif +ifdef CONFIG_UCW_CAPABILITIES +LIBUCW_LIBS+=-lcap +endif $(o)/ucw/libucw$(LV).a: $(addsuffix .o,$(LIBUCW_MOD_PATHS)) $(o)/ucw/libucw$(LV).so: $(addsuffix .oo,$(LIBUCW_MOD_PATHS)) diff --git a/ucw/daemon.c b/ucw/daemon.c index eb4a4d79..f74e0372 100644 --- a/ucw/daemon.c +++ b/ucw/daemon.c @@ -21,7 +21,9 @@ #include #include #include +#ifdef CONFIG_UCW_CAPABILITIES #include +#endif void daemon_resolve_ugid(struct daemon_params *dp) 
@@ -82,15 +84,18 @@ daemon_resolve_ugid(struct daemon_params *dp) void daemon_switch_ugid(struct daemon_params *dp) { +#ifdef CONFIG_UCW_CAPABILITIES // If we want to preserve some caps across UID switch, keep all first, to avoid having to set them twice. if (dp->keep_caps && prctl(PR_SET_KEEPCAPS, 1L) < 0) die("Can not keep caps: %m"); +#endif if (dp->want_setgid && setresgid(dp->run_as_gid, dp->run_as_gid, dp->run_as_gid) < 0) die("Cannot set GID to %d: %m", (int) dp->run_as_gid); if (dp->want_setgid > 1 && initgroups(dp->run_as_user, dp->run_as_gid) < 0) die("Cannot initialize groups: %m"); if (dp->want_setuid && setresuid(dp->run_as_uid, dp->run_as_uid, dp->run_as_uid) < 0) die("Cannot set UID to %d: %m", (int) dp->run_as_uid); +#ifdef CONFIG_UCW_CAPABILITIES if (dp->keep_caps) { cap_t caps = cap_init(); @@ -106,6 +111,7 @@ void daemon_switch_ugid(struct daemon_params *dp) die("Couldn't give up keeping caps: %m"); cap_free(caps); } +#endif } void diff --git a/ucw/daemon.h b/ucw/daemon.h index ab9f5245..3425d57e 100644 --- a/ucw/daemon.h +++ b/ucw/daemon.h @@ -11,7 +11,9 @@ #define _UCW_DAEMON_H #include +#ifdef CONFIG_UCW_CAPABILITIES #include +#endif #ifdef CONFIG_UCW_CLEAN_ABI #define daemon_control ucw_daemon_control @@ -28,8 +30,10 @@ struct daemon_params { const char *pid_file; // A path to PID file (optional) const char *run_as_user; // User name or "#uid" (optional) const char *run_as_group; // Group name or "#gid" (optional) +#ifdef CONFIG_UCW_CAPABILITIES const cap_value_t *keep_caps; // Keep these capabilities across UID switch (optional) int keep_cap_count; +#endif // Internal uid_t run_as_uid; diff --git a/ucw/default.cfg b/ucw/default.cfg index bc4d48b0..458e104d 100644 --- a/ucw/default.cfg +++ b/ucw/default.cfg 
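Review bot: In the second ucw/daemon.h hunk, wrapping `keep_caps` and `keep_cap_count` in `#ifdef CONFIG_UCW_CAPABILITIES` makes the layout of the public `struct daemon_params` depend on a configuration macro, and the fields after them (`run_as_uid` onwards) move when it changes. If a caller ever compiles this header with a different setting than the library was built with, `daemon_switch_ugid` would presumably read the uid/gid fields from the wrong offsets, and that is the privilege-drop path. Whether the header always sees the library's configuration cannot be told from this hunk, so the dependency should at least be documented above the guarded fields, for example `// Layout depends on CONFIG_UCW_CAPABILITIES: callers must be compiled with the same configuration as the library`. An alternative is to place the conditional fields after the internal ones so the shared prefix stays stable. The struct continues outside the hunk.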
@@ -68,6 +68,9 @@ Set("CONFIG_UCW_FB_DIRECT"); # Use monotonic clock (default: yes on Linux, no elsewhere) # Set("CONFIG_UCW_MONOTONIC_CLOCK"); +# Have support for capabilities (default: yes on Linux, no elsewhere) +# Set("CONFIG_UCW_CAPABILITIES"); + # Which regular expression library should be used? If none is selected, we use BSD regex from libc. UnSet("CONFIG_UCW_POSIX_REGEX"); UnSet("CONFIG_UCW_PCRE"); diff --git a/ucw/perl/UCW/Configure/LibUCW.pm b/ucw/perl/UCW/Configure/LibUCW.pm index 7feef1e2..8d30d8c5 100644 --- a/ucw/perl/UCW/Configure/LibUCW.pm +++ b/ucw/perl/UCW/Configure/LibUCW.pm @@ -73,6 +73,11 @@ TestBool("CONFIG_UCW_MONOTONIC_CLOCK", "Checking for monotonic clock", sub { return Get("CONFIG_LINUX"); }); +# Check if we have capabilities (available on linux) +TestBool("CONFIG_UCW_CAPABILITIES", "Checking for capabilities support", sub { + return Get("CONFIG_LINUX"); +}); + if (IsSet("CONFIG_DARWIN")) { # Darwin does not support BSD regexes, fix up if (!IsSet("CONFIG_UCW_POSIX_REGEX") && !IsSet("CONFIG_UCW_PCRE")) { -- 2.39.2
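Review bot: The new `TestBool("CONFIG_UCW_CAPABILITIES", ...)` check in LibUCW.pm only returns `Get("CONFIG_LINUX")`, so it detects the operating system and not whether the libcap development header and library are installed. On a Linux host without them the build would presumably fail at the guarded `#include` or at the `-lcap` link step from the Makefile hunk, rather than configuring capability support off. Either probe for the library here, or make the assumption explicit in the comment, for example `# Capabilities need libcap (header and -lcap); assumed present on Linux, UnSet("CONFIG_UCW_CAPABILITIES") if it is not installed`. The same wording would help next to the `default.cfg` entry, which currently says only "default: yes on Linux".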