Use the raw capability interface via updated ncmlib rather than linking

to libcap.
2014-04-07 15:05:34 -04:00
parent bb1ff7a506
commit d267c2c44b
5 changed files with 9 additions and 7 deletions
--- a/src/ifchd.c
+++ b/src/ifchd.c
@ -399,7 +399,8 @@ void ifch_main(void)

    nk_set_chroot(chroot_dir);
    memset(chroot_dir, '\0', sizeof chroot_dir);
-    nk_set_uidgid(ifch_uid, ifch_gid, "cap_net_admin=ep");
+    unsigned char keepcaps[] = { CAP_NET_ADMIN };
+    nk_set_uidgid(ifch_uid, ifch_gid, keepcaps, sizeof keepcaps);

    do_ifch_work();
 }
--- a/src/ndhc.c
+++ b/src/ndhc.c
@ -408,7 +408,7 @@ static void ndhc_main(void) {

    nk_set_chroot(chroot_dir);
    memset(chroot_dir, '\0', sizeof chroot_dir);
-    nk_set_uidgid(ndhc_uid, ndhc_gid, NULL);
+    nk_set_uidgid(ndhc_uid, ndhc_gid, NULL, 0);

    if (cs.ifsPrevState != IFS_UP)
        ifchange_deconfig(&cs);
--- a/src/sockd.c
+++ b/src/sockd.c
@ -623,8 +623,9 @@ void sockd_main(void)
    setup_signals_sockd();
    nk_set_chroot(chroot_dir);
    memset(chroot_dir, 0, sizeof chroot_dir);
-    nk_set_uidgid(sockd_uid, sockd_gid,
-                  "cap_net_bind_service,cap_net_broadcast,cap_net_raw=ep");
+    unsigned char keepcaps[] = { CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST,
+                                 CAP_NET_RAW };
+    nk_set_uidgid(sockd_uid, sockd_gid, keepcaps, sizeof keepcaps);
    do_sockd_work();
 }