sys_netbsd: use privileged helper for socket binding
When dropping root privileges, start the helper to allow binding of server sockets later.
This commit is contained in:
Miroslav Lichvar
parent
fedc605956
commit
46f0ad6b53
2 changed files with 4 additions and 0 deletions
1
configure
vendored
1
configure
vendored
|
|
@ -614,6 +614,7 @@ if [ $feat_droproot = "1" ] && [ $try_clockctl = "1" ] && \
|
|||
test_code '<sys/clockctl.h>' 'sys/clockctl.h' '' '' ''
|
||||
then
|
||||
add_def FEAT_PRIVDROP
|
||||
priv_ops="BINDSOCKET"
|
||||
fi
|
||||
|
||||
if [ $feat_scfilter = "1" ] && [ $try_seccomp = "1" ] && \
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@
|
|||
#include "sys_netbsd.h"
|
||||
#include "sys_timex.h"
|
||||
#include "logging.h"
|
||||
#include "privops.h"
|
||||
#include "util.h"
|
||||
|
||||
/* Maximum frequency offset accepted by the kernel (in ppm) */
|
||||
|
|
@ -124,6 +125,8 @@ SYS_NetBSD_DropRoot(uid_t uid, gid_t gid)
|
|||
{
|
||||
int fd;
|
||||
|
||||
PRV_StartHelper();
|
||||
|
||||
if (setgroups(0, NULL))
|
||||
LOG_FATAL(LOGF_SysNetBSD, "setgroups() failed : %s", strerror(errno));
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue