Defer creation of Unix socket until after setuid

diff --git a/changes/bug17562-defer-unix-socket-creation b/changes/bug17562-defer-unix-socket-creation
new file mode 100644 (file)
index 0000000..f1896c0
--- /dev/null
+++ b/changes/bug17562-defer-unix-socket-creation
@@ -0,0 +1,4 @@
+  o Minor bug fixes:
+    - Defer creation of Unix sockets until after setuid. This avoids needing
+      CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or
+      chown and fowner when using SELinux.

diff --git a/src/or/connection.c b/src/or/connection.c
index 7b8cc6ba399916e71342abafa3b342f3bcb2b97d..575bbf119b93e73c1239d1ac9aeb1f6423d32615 100644 (file)
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -2386,6 +2386,14 @@ retry_listener_ports(smartlist_t *old_conns,
     if (port->server_cfg.no_listen)
       continue;
 
+#ifndef _WIN32
+    /* We don't need to be root to create a UNIX socket, so defer until after
+     * setuid. */
+    const or_options_t *options = get_options();
+    if (port->is_unix_addr && !geteuid() && strcmp(options->User, "root"))
+      continue;
+#endif
+
     if (port->is_unix_addr) {
       listensockaddr = (struct sockaddr *)
         create_unix_sockaddr(port->unix_addr,