From e47140de546f60636341b2e26470680dd9e7b62a Mon Sep 17 00:00:00 2001
From: Vincent Bernat
Date: Thu, 29 Sep 2016 07:12:33 +0200
Subject: [PATCH] daemon: don't invoke lldpcli after dropping privileges

Otherwise, we don't have access to the Unix socket anymore...
---
 NEWS | 2 --
 src/daemon/lldpd.c | 14 +++++++-------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/NEWS b/NEWS
index 8a49828e..d104d7c3 100644
--- a/NEWS
+++ b/NEWS
@@ -7,8 +7,6 @@ lldpd (0.9.5)
 the privileged process.
 + LLDP-MED capability TLV is not sent when LLDP-MED is not enabled, even if other LLDP-MED TLV are present.
- + Invoke lldpcli for initial configuration later (after dropping
- privileges).
 * Fix:
 + Compilation fix with older versions of GCC.
 + Don't use ethtool at all to get real MAC address for enslaved
diff --git a/src/daemon/lldpd.c b/src/daemon/lldpd.c
index 5de44c9e..45935876 100644
--- a/src/daemon/lldpd.c
+++ b/src/daemon/lldpd.c
@@ -1718,13 +1718,6 @@ lldpd_main(int argc, char *argv[], char *envp[])
 }
 #endif
- log_debug("main", "initialize privilege separation");
-#ifdef ENABLE_PRIVSEP
- priv_init(PRIVSEP_CHROOT, ctl, uid, gid);
-#else
- priv_init(PRIVSEP_CHROOT, ctl, 0, 0);
-#endif
-
 /* Configuration with lldpcli */
 if (lldpcli) {
 log_debug("main", "invoking lldpcli for configuration");
@@ -1740,6 +1733,13 @@ lldpd_main(int argc, char *argv[], char *envp[])
 lsb_release = lldpd_get_lsb_release();
 }
+ log_debug("main", "initialize privilege separation");
+#ifdef ENABLE_PRIVSEP
+ priv_init(PRIVSEP_CHROOT, ctl, uid, gid);
+#else
+ priv_init(PRIVSEP_CHROOT, ctl, 0, 0);
+#endif
+
 /* Initialization of global configuration */
 if ((cfg = (struct lldpd *) calloc(1, sizeof(struct lldpd))) == NULL)
--
2.39.5
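Review bot: The relocated `priv_init()` call in the second lldpd.c hunk has no comment saying why it must follow the lldpcli block, and this ordering has already been flipped once: the NEWS entry removed here records the earlier move of lldpcli to after the privilege drop. I would add above the re-added `log_debug` line something like `/* Keep after the lldpcli invocation: once privileges are dropped, lldpcli can no longer reach the Unix control socket. */`. The consequence worth recording is that the lldpcli invocation and `lldpd_get_lsb_release()` now run before privilege separation, presumably with whatever privileges the daemon was started with, so the lldpcli binary path and the configuration it reads should be writable only by the administrator. The body of the `if (lldpcli)` block and the rest of `lldpd_main` lie outside the hunk, so how lldpcli is spawned cannot be checked from here.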