daemon: don't invoke lldpcli after dropping privileges

Otherwise, we don't have access to the Unix socket anymore...

diff --git a/NEWS b/NEWS
index 8a49828e8dfcd591a83a8141355329c25738d1cf..d104d7c39b9b584454d6b88bddbac23af2b907cc 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,8 +7,6 @@ lldpd (0.9.5)
       the privileged process.
     + LLDP-MED capability TLV is not sent when LLDP-MED is not enabled,
       even if other LLDP-MED TLV are present.
-    + Invoke lldpcli for initial configuration later (after dropping
-      privileges).
   * Fix:
     + Compilation fix with older versions of GCC.
     + Don't use ethtool at all to get real MAC address for enslaved

diff --git a/src/daemon/lldpd.c b/src/daemon/lldpd.c
index 5de44c9e23641572ad924c9f5d2fa00629c6333f..459358764d68712431162a8fe8b9581940e843eb 100644 (file)
--- a/src/daemon/lldpd.c
+++ b/src/daemon/lldpd.c
@@ -1718,13 +1718,6 @@ lldpd_main(int argc, char *argv[], char *envp[])
        }
 #endif
 
-       log_debug("main", "initialize privilege separation");
-#ifdef ENABLE_PRIVSEP
-       priv_init(PRIVSEP_CHROOT, ctl, uid, gid);
-#else
-       priv_init(PRIVSEP_CHROOT, ctl, 0, 0);
-#endif
-
        /* Configuration with lldpcli */
        if (lldpcli) {
                log_debug("main", "invoking lldpcli for configuration");
@@ -1740,6 +1733,13 @@ lldpd_main(int argc, char *argv[], char *envp[])
                lsb_release = lldpd_get_lsb_release();
        }
 
+       log_debug("main", "initialize privilege separation");
+#ifdef ENABLE_PRIVSEP
+       priv_init(PRIVSEP_CHROOT, ctl, uid, gid);
+#else
+       priv_init(PRIVSEP_CHROOT, ctl, 0, 0);
+#endif
+
        /* Initialization of global configuration */
        if ((cfg = (struct lldpd *)
            calloc(1, sizeof(struct lldpd))) == NULL)