* Changes:
+ On Linux, the monitor process will now drop its privileges
instead of running as root. It will keep CAP_NET_RAW and
- CAP_NET_ADMIN capabilities. When using SNMP AgentX feature, the
- access to the socket may require to grant access to _lldpd user.
+ CAP_NET_ADMIN capabilities. When SNMP support is enabled, it may
+ also require CAP_FOWNER.
lldpd (1.0.1)
* Fix:
log_debug("main", "initialize privilege separation");
#ifdef ENABLE_PRIVSEP
- priv_init(PRIVSEP_CHROOT, ctl, uid, gid);
+ priv_init(PRIVSEP_CHROOT, ctl, uid, gid,
+#ifdef USE_SNMP
+ (agentx ? agentx : agent_default_agentx_socket())[0] == '/'
+#else
+ 0
+#endif
+ );
#else
- priv_init(PRIVSEP_CHROOT, ctl, 0, 0);
+ priv_init(PRIVSEP_CHROOT, ctl, 0, 0, 0);
#endif
/* Initialization of global configuration */
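Review bot: The new last argument to `priv_init` reads `[0]` of whatever `agent_default_agentx_socket()` returns without checking for NULL, and it is derived from the socket path alone. As far as these lines show, the flag is set whenever the build has `USE_SNMP` and the AgentX address starts with `/`, even if the SNMP agent was not requested at run time. If a run-time SNMP switch exists in this function, it should gate the flag so the monitor only keeps CAP_FOWNER when it is actually needed. Computing the value into a local first, e.g. `int fowner = 0;` assigned under `#ifdef USE_SNMP`, would also keep preprocessor conditionals out of the argument list. The enclosing function starts and ends outside the hunk.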
#ifdef ENABLE_PRIVSEP
/* agent_priv.c */
void agent_priv_register_domain(void);
+const char *agent_default_agentx_socket(void);
#endif
/* client.c */
int*);
/* priv.c */
-void priv_init(const char*, int, uid_t, gid_t);
+void priv_init(const char*, int, uid_t, gid_t, int);
void priv_wait(void);
void priv_ctl_cleanup(const char *ctlname);
char *priv_gethostname(void);
}
void
-priv_caps(uid_t uid, gid_t gid)
+priv_caps(uid_t uid, gid_t gid, int fowner)
{
#ifdef HAVE_LINUX_CAPABILITIES
cap_t caps;
- log_debug("privsep", "getting CAP_NET_RAW/ADMIN privilege");
- if (!(caps = cap_from_text("cap_net_raw,cap_net_admin,cap_setuid,cap_setgid=pe")))
+ const char *caps_strings[2];
+ if (fowner) {
+ log_debug("privsep", "getting CAP_NET_RAW/ADMIN and CAP_FOWNER privilege");
+ caps_strings[0] = "cap_fowner,cap_net_raw,cap_net_admin,cap_setuid,cap_setgid=pe";
+ caps_strings[1] = "cap_fowner,cap_net_raw,cap_net_admin=pe";
+ } else {
+ log_debug("privsep", "getting CAP_NET_RAW/ADMIN privilege");
+ caps_strings[0] = "cap_net_raw,cap_net_admin,cap_setuid,cap_setgid=pe";
+ caps_strings[1] = "cap_net_raw,cap_net_admin=pe";
+ }
+ if (!(caps = cap_from_text(caps_strings[0])))
fatal("privsep", "unable to convert caps");
if (cap_set_proc(caps) == -1) {
log_warn("privsep", "unable to drop privileges, monitor running as root");
priv_drop(uid, gid);
log_debug("privsep", "dropping extra capabilities");
- if (!(caps = cap_from_text("cap_net_raw,cap_net_admin=pe")))
+ if (!(caps = cap_from_text(caps_strings[1])))
fatal("privsep", "unable to convert caps");
if (cap_set_proc(caps) == -1)
fatal("privsep", "unable to drop extra privileges");
}
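Review bot: `caps_strings[1]` keeps `cap_fowner` in the permitted and effective sets after `priv_drop`, so the monitor holds it for its whole lifetime. That is a wider grant than CAP_NET_RAW/CAP_NET_ADMIN, because it bypasses owner-match checks on any file the process can reach. A comment above the `if (fowner)` branch should name the AgentX socket operation that needs it, e.g. `/* CAP_FOWNER: needed to <operation> on the AgentX Unix socket */`. If that operation happens only once, it would be worth lowering the capability afterwards. The two slots would also read more clearly as named variables, `const char *caps_initial, *caps_final;`, than as indices 0 and 1. Part of the function body is elided between the visible lines, so handling of `caps` after `cap_set_proc` cannot be judged from here.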
void
-priv_init(const char *chrootdir, int ctl, uid_t uid, gid_t gid)
+priv_init(const char *chrootdir, int ctl, uid_t uid, gid_t gid, int fowner)
{
int pair[2];
if (atexit(priv_exit) != 0)
fatal("privsep", "unable to set exit function");
- priv_caps(uid, gid);
+ priv_caps(uid, gid, fowner);
/* Install signal handlers */
const struct sigaction pass_to_child = {