priv: add ability to lock filter on Linux

This is a new feature which should be available in Linux 3.9. See:
 http://git.kernel.org/?p=linux/kernel/git/davem/net-next.git;a=commit;h=d59577b6ffd313d0ab3be39cb1ab47e29bdc9182

diff --git a/src/daemon/priv.c b/src/daemon/priv.c
index 41eca52251c5d7984eb6882a618ec7da3550b686..ad4746d282e3a51ef91197e9c4d5a939f143a252 100644 (file)
--- a/src/daemon/priv.c
+++ b/src/daemon/priv.c
@@ -372,10 +372,22 @@ asroot_iface_init()
        if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER,
                 &prog, sizeof(prog)) < 0) {
                rc = errno;
-               log_info("privsep", "unable to change filter for %s", name);
+               log_warn("privsep", "unable to change filter for %s", name);
                goto end;
        }
 
+#ifdef SO_LOCK_FILTER
+       int enable = 1;
+       if (setsockopt(fd, SOL_SOCKET, SO_LOCK_FILTER,
+               &enable, sizeof(enable)) < 0) {
+               if (errno != ENOPROTOOPT) {
+                       rc = errno;
+                       log_warn("privsep", "unable to lock filter for %s", name);
+                       goto end;
+               }
+       }
+#endif
+
        rc = 0;
 
 #elif defined HOST_OS_FREEBSD || \