makeControlChannelSocket( ::arg().asNum("processes") > 1 ? forks : -1);
Utility::dropUserPrivs(newuid);
+ try {
+ /* we might still have capabilities remaining, for example if we have been started as root
+ without --setuid (please don't do that) or as an unprivileged user with ambient capabilities
+ like CAP_NET_BIND_SERVICE.
+ */
+ dropCapabilities();
+ }
+ catch(const std::exception& e) {
+ g_log<<Logger::Warning<<e.what()<<endl;
+ }
startLuaConfigDelayedThreads(delayedLuaThreads, g_luaconfs.getCopy().generation);
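Review bot: The catch block around `dropCapabilities()` fails open: an exception is logged at Warning level with only `e.what()`, and start-up continues with whatever capabilities were left after `Utility::dropUserPrivs(newuid)`. An operator reading the log cannot tell that a privilege-reduction step failed unless the exception text happens to say so, so the message should name it, e.g. `g_log<<Logger::Warning<<"Could not drop remaining capabilities: "<<e.what()<<endl;`. It is also worth deciding, and documenting in the comment, whether this case should abort start-up rather than continue. On Linux capabilities are a per-thread attribute, so the call only protects threads created after it. It sits before `startLuaConfigDelayedThreads`, but whether any thread is started earlier cannot be seen here, because the enclosing function begins and ends outside the hunk.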
JSON11_LIBS = $(top_srcdir)/ext/json11/libjson11.la
PROBDS_LIBS = $(top_srcdir)/ext/probds/libprobds.la
-AM_CPPFLAGS = $(LUA_CFLAGS) $(YAHTTP_CFLAGS) $(BOOST_CPPFLAGS) $(LIBSODIUM_CFLAGS) $(NET_SNMP_CFLAGS) $(SANITIZER_FLAGS) -O3 -Wall -pthread -DSYSCONFDIR=\"${sysconfdir}\" $(SYSTEMD_CFLAGS)
+AM_CPPFLAGS = $(LUA_CFLAGS) $(YAHTTP_CFLAGS) $(BOOST_CPPFLAGS) $(LIBSODIUM_CFLAGS) $(NET_SNMP_CFLAGS) $(LIBCAP_CFLAGS) $(SANITIZER_FLAGS) -O3 -Wall -pthread -DSYSCONFDIR=\"${sysconfdir}\" $(SYSTEMD_CFLAGS)
AM_CPPFLAGS += \
-I$(top_srcdir)/ext/json11 \
$(SYSTEMD_LIBS) \
$(RT_LIBS) \
$(BOOST_SYSTEM_LIBS) \
- $(PROBDS_LIBS)
+ $(PROBDS_LIBS) \
+ $(LIBCAP_LIBS)
pdns_recursor_LDFLAGS = $(AM_LDFLAGS) \
$(LIBCRYPTO_LDFLAGS) $(BOOST_CONTEXT_LDFLAGS) \
$(LIBCRYPTO_LIBS) \
$(RT_LIBS) \
$(BOOST_SYSTEM_LIBS) \
- $(PROBDS_LIBS)
+ $(PROBDS_LIBS) \
+ $(LIBCAP_LIBS)
if NOD_ENABLED
testrunner_SOURCES += nod.hh nod.cc \
rec_control.cc \
unix_utility.cc
+rec_control_LDADD = \
+ $(LIBCAP_LIBS)
+
dnslabeltext.cc: dnslabeltext.rl
$(AM_V_GEN)$(RAGEL) $< -o dnslabeltext.cc