sys_netbsd: use privileged helper for socket binding

When dropping root privileges, start the helper to allow binding
of server sockets later.

diff --git a/configure b/configure
index ff95b17e149445f0ecdb3f52172b8ff87c413607..df4f80a3eefc7c1002a6ebc7fb807ae826fc7253 100755 (executable)
--- a/configure
+++ b/configure
@@ -614,6 +614,7 @@ if [ $feat_droproot = "1" ] && [ $try_clockctl = "1" ] && \
   test_code '<sys/clockctl.h>' 'sys/clockctl.h' '' '' ''
 then
   add_def FEAT_PRIVDROP
+  priv_ops="BINDSOCKET"
 fi
 
 if [ $feat_scfilter = "1" ] && [ $try_seccomp = "1" ] && \

diff --git a/sys_netbsd.c b/sys_netbsd.c
index 11d8d043ce571e0e4602014b9cfc3f9bb3994893..7a95d3f58ca942321111c5862a8b1bfc04e6ba41 100644 (file)
--- a/sys_netbsd.c
+++ b/sys_netbsd.c
@@ -33,6 +33,7 @@
 #include "sys_netbsd.h"
 #include "sys_timex.h"
 #include "logging.h"
+#include "privops.h"
 #include "util.h"
 
 /* Maximum frequency offset accepted by the kernel (in ppm) */
@@ -124,6 +125,8 @@ SYS_NetBSD_DropRoot(uid_t uid, gid_t gid)
 {
   int fd;
 
+  PRV_StartHelper();
+
   if (setgroups(0, NULL))
     LOG_FATAL(LOGF_SysNetBSD, "setgroups() failed : %s", strerror(errno));