From fd0bf3d36f3295fbc7c6d4bed34e2d2849764e68 Mon Sep 17 00:00:00 2001
From: Vincent Untz
Date: Fri, 6 May 2011 14:14:21 +0200
Subject: [PATCH] Improved checks for fs capabilities, and drop unneeded ones

If we have fs capabilities, we first need to check that we really do have ipc_lock, and if that's the case we just keep ipc_lock and drop everything else. https://bugzilla.gnome.org/show_bug.cgi?id=649560
---
 daemon/gkd-capability.c | 19 +++++++++++++++++--
 1 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/daemon/gkd-capability.c b/daemon/gkd-capability.c
index 5b47f4e..e15200a 100644
--- a/daemon/gkd-capability.c
+++ b/daemon/gkd-capability.c
@@ -71,11 +71,26 @@ gkd_capability_obtain_capability_and_drop_privileges (void)
 early_error ("failed dropping capabilities");
 break;
 case CAPNG_FAIL:
- case CAPNG_NONE:
 early_error ("error getting process capabilities");
 break;
+ case CAPNG_NONE:
+ early_error ("insufficient process capabilities");
+ break;
 case CAPNG_PARTIAL:
 /* File system based capabilities */
- break;
+ if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_IPC_LOCK)) {
+ early_error ("insufficient process capabilities");
+ break;
+ }
+
+ /* Drop all capabilities except ipc_lock */
+ capng_clear (CAPNG_SELECT_BOTH);
+ if (capng_update (CAPNG_ADD,
+ CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+ CAP_IPC_LOCK) != 0)
+ early_error ("error dropping process capabilities");
+ if (capng_apply (CAPNG_SELECT_BOTH) != 0)
+ early_error ("error dropping process capabilities");
+ break;
 }
 #endif /* HAVE_LIBCAPNG */
 }
-- 
1.7.4.2
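Review bot: In the new CAPNG_PARTIAL branch a failing capng_update still falls through to capng_apply, which would then apply the freshly cleared set and drop CAP_IPC_LOCK as well unless early_error never returns; the surrounding cases pair early_error with an explicit break, so whether it returns is not visible in this hunk. Following that convention, the update failure should leave the switch before the apply: `early_error ("error dropping process capabilities"); break;` in place of the bare early_error after the capng_update check. Separately, capng_clear and capng_apply with CAPNG_SELECT_BOTH also operate on the bounding set, and dropping bounding-set bits requires CAP_SETPCAP; with file-system capabilities granting only CAP_IPC_LOCK that part of the apply may fail depending on how the installed libcap-ng handles it, so CAPNG_SELECT_CAPS is the safer selector for this branch. The enclosing function begins before the hunk.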