From: Vincent Bernat <bernat@luffy.cx>
Date: Thu, 17 Jan 2013 21:01:34 +0000 (+0100)
Subject: priv: add ability to lock filter on Linux
X-Git-Tag: 0.7.2~49
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=14c30a6bf6af39d8d5aa49c3b5a53687adb841a7;p=thirdparty%2Flldpd.git

priv: add ability to lock filter on Linux

This is a new feature which should be available in Linux 3.9. See:
 http://git.kernel.org/?p=linux/kernel/git/davem/net-next.git;a=commit;h=d59577b6ffd313d0ab3be39cb1ab47e29bdc9182
---

diff --git a/src/daemon/priv.c b/src/daemon/priv.c
index 41eca522..ad4746d2 100644
--- a/src/daemon/priv.c
+++ b/src/daemon/priv.c
@@ -372,10 +372,22 @@ asroot_iface_init()
 	if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER,
                 &prog, sizeof(prog)) < 0) {
 		rc = errno;
-		log_info("privsep", "unable to change filter for %s", name);
+		log_warn("privsep", "unable to change filter for %s", name);
 		goto end;
 	}
 
+#ifdef SO_LOCK_FILTER
+	int enable = 1;
+	if (setsockopt(fd, SOL_SOCKET, SO_LOCK_FILTER,
+		&enable, sizeof(enable)) < 0) {
+		if (errno != ENOPROTOOPT) {
+			rc = errno;
+			log_warn("privsep", "unable to lock filter for %s", name);
+			goto end;
+		}
+	}
+#endif
+
 	rc = 0;
 
 #elif defined HOST_OS_FREEBSD || \