From 1f063dcadb802c57759e2ca2bf9c08e108bb3d70 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@redhat.com>
Date: Wed, 26 Apr 2006 16:29:29 +0000
Subject: 2006-04-26  James Antill  <james.antill@redhat.com>

	    Ulrich Drepper  <drepper@redhat.com>

	* config.make.in: Add have-libcap.
	* configure.in: Check for libcap.
	* nscd/Makefile (selinux-LIBS): Add -lcap if possible.
	* nscd/connections.c (finish_drop_privileges): When libcap is available
	call preserve_capabilities and install_real_capabilities.
	* nscd/selinux.c: Define preserve_capabilities and
	install_real_capabilities.
	* nscd/selinux.h: Declare preserve_capabilities and
	install_real_capabilities.
---
 nscd/connections.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'nscd/connections.c')

diff --git a/nscd/connections.c b/nscd/connections.c
index d975b1818f..b24e7fb527 100644
--- a/nscd/connections.c
+++ b/nscd/connections.c
@@ -1859,6 +1859,11 @@ begin_drop_privileges (void)
 static void
 finish_drop_privileges (void)
 {
+#if defined HAVE_LIBAUDIT && defined HAVE_LIBCAP
+  /* We need to preserve the capabilities to connect to the audit daemon.  */
+  cap_t new_caps = preserve_capabilities ();
+#endif
+
   if (setgroups (server_ngroups, server_groups) == -1)
     {
       dbg_log (_("Failed to run nscd as user '%s'"), server_user);
@@ -1878,4 +1883,9 @@ finish_drop_privileges (void)
       perror ("setuid");
       exit (4);
     }
+
+#if defined HAVE_LIBAUDIT && defined HAVE_LIBCAP
+  /* Remove the temporary capabilities.  */
+  install_real_capabilities (new_caps);
+#endif
 }
-- 
cgit 1.4.1