mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 06:55:30 +00:00
Code Issues Releases Wiki Activity

remove CAP_SYS_RESOURCE

Browse Source
This commit is contained in:
Bob Halley
2000-02-01 20:17:32 +00:00
parent 54e587cfac
commit 5e4b7294d8
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
bin/named/unix/os.c
View File

@@ -76,14 +76,16 @@ linux_initialprivs(void) {
/* /*
* Drop all privileges except the abilities to bind() to privileged * Drop all privileges except the abilities to bind() to privileged
* ports, set resource limits, and chroot(). * ports and chroot().
*/ */
caps = 0; caps = 0;
caps |= (1 << CAP_NET_BIND_SERVICE); caps |= (1 << CAP_NET_BIND_SERVICE);
caps |= (1 << CAP_SYS_RESOURCE);
caps |= (1 << CAP_SYS_CHROOT); caps |= (1 << CAP_SYS_CHROOT);
/*
* XXX We might want to add CAP_SYS_RESOURCE, though it's not
* clear it would work right given the way linuxthreads work.
*/
linux_setcaps(caps); linux_setcaps(caps);
} }
@@ -93,12 +95,11 @@ linux_minprivs(void) {
/* /*
* Drop all privileges except the abilities to bind() to privileged * Drop all privileges except the abilities to bind() to privileged
* ports and set resource limits. * ports.
*/ */
caps = 0; caps = 0;
caps |= (1 << CAP_NET_BIND_SERVICE); caps |= (1 << CAP_NET_BIND_SERVICE);
caps |= (1 << CAP_SYS_RESOURCE);
linux_setcaps(caps); linux_setcaps(caps);
} }