dns_server_unlink_on_reload(m->dns_servers);
dns_server_unlink_on_reload(m->fallback_dns_servers);
m->dns_extra_stub_listeners = ordered_set_free(m->dns_extra_stub_listeners);
+ manager_dns_stub_stop(m);
dnssd_service_clear_on_reload(m->dnssd_services);
m->unicast_scope = dns_scope_free(m->unicast_scope);
m->delegates = hashmap_free(m->delegates);
manager_flush_caches(m, LOG_INFO);
manager_verify_all(m);
+ r = manager_dns_stub_start(m);
+ if (r < 0)
+ return sd_event_exit(sd_event_source_get_event(s), r);
+
(void) sd_notify(/* unset_environment= */ false, NOTIFY_READY_MESSAGE);
return 0;
}
if (r < 0)
return log_error_errno(r, "Could not create runtime directory: %m");
- /* Drop privileges, but keep three caps. Note that we drop two of those too, later on (see below) */
+ /* Drop privileges, but keep two caps. */
r = drop_privileges(uid, gid,
- (UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */
- (UINT64_C(1) << CAP_NET_BIND_SERVICE)| /* needed to bind on port 53 */
- (UINT64_C(1) << CAP_SETPCAP) /* needed in order to drop the caps later */);
+ (UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */
+ (UINT64_C(1) << CAP_NET_BIND_SERVICE)); /* needed to bind on port 53 */
if (r < 0)
return log_error_errno(r, "Failed to drop privileges: %m");
}
(void) manager_check_resolv_conf(m);
- /* Let's drop the remaining caps now */
- r = capability_bounding_set_drop((UINT64_C(1) << CAP_NET_RAW), true);
- if (r < 0)
- return log_error_errno(r, "Failed to drop remaining caps: %m");
-
notify_stop = notify_start(NOTIFY_READY_MESSAGE, NOTIFY_STOPPING_MESSAGE);
r = sd_event_loop(m->event);
projects / thirdparty / systemd.git / commitdiff
