From a6128224ec0cb72dd4e5ceecac19bfcd4363fc03 Mon Sep 17 00:00:00 2001
From: Vincent Bernat
Date: Wed, 18 Mar 2015 15:35:10 +0100
Subject: [PATCH] priv: use SOCK_STREAM for monitor communication SOCK_SEQPACKET is better but not available everywhere. We can't just fallback to SOCK_DGRAM since we lose the ability to detect when the monitor dies. So, we use SOCK_STREAM (now possible with commit 004b5f944539). The code (stolen from OpenBSD) was already ready for that.
---
 src/daemon/priv.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/src/daemon/priv.c b/src/daemon/priv.c
index 263b2296..37147358 100644
--- a/src/daemon/priv.c
+++ b/src/daemon/priv.c
@@ -412,6 +412,7 @@ priv_loop(int privileged, int once)
 #endif
 #endif
 while (!may_read(PRIV_PRIVILEGED, &cmd, sizeof(enum priv_cmd))) {
+ log_debug("privsep", "received command %d", cmd);
 for (a = actions; a->function != NULL; a++) {
 if (cmd == a->msg) {
 a->function();
@@ -589,15 +590,9 @@ priv_init(const char *chrootdir, int ctl, uid_t uid, gid_t gid)
 int pair[2];
 /* Create socket pair */
- if (socketpair(AF_UNIX, SOCK_SEQPACKET, PF_UNSPEC, pair) < 0) {
- if (errno == EAFNOSUPPORT ||
- errno == EOPNOTSUPP ||
- errno == EPROTONOSUPPORT) {
- if (socketpair(AF_UNIX, SOCK_DGRAM, PF_UNSPEC, pair) < 0) {
- fatal("privsep",
- "unable to create socket pair for privilege separation");
- }
- }
+ if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pair) < 0) {
+ fatal("privsep",
+ "unable to create socket pair for privilege separation");
 }
 priv_unprivileged_fd(pair[0]);
--
2.39.5
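Review bot: In the added `log_debug` call in priv_loop, `cmd` is an `enum priv_cmd` filled byte-for-byte from the socket and then passed to `%d`; the underlying type of an enum is implementation-defined, so an explicit cast keeps the format and argument in agreement: `log_debug("privsep", "received command %d", (int)cmd);`. The log line sits before the lookup in `actions`, so values that match no entry are recorded as well, which is useful on a privilege boundary and worth stating in a short comment such as `/* logged before dispatch so unknown commands are visible too */`. The loop body continues outside the hunk, so how an unmatched command is handled cannot be seen here.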
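Review bot: The rationale for SOCK_STREAM in priv_init lives only in the commit message, and the surviving `/* Create socket pair */` comment says nothing about the property the channel now depends on. A stream socket does not preserve the record boundaries that SOCK_SEQPACKET and SOCK_DGRAM did, so every exchange between the monitor and the unprivileged process is correct only if both sides read and write exact lengths and loop on short transfers; the commit message says the helpers already do this, but their bodies (for example `may_read`) are outside this hunk. I would replace the comment with something like `/* SOCK_STREAM: portable, and EOF reveals a dead peer. No message boundaries: use only the exact-length read/write helpers on these fds. */` so a later direct read() or write() on these descriptors is caught in review. priv_init continues past the end of the hunk.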