upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 15:09:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

remove CAP_SYS_RESOURCE

Browse source
This commit is contained in:
Bob Halley 2000-02-01 20:17:32 +00:00
parent 54e587cfac
commit 5e4b7294d8
1 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
bin/named/unix/os.c
View file

@ -76,14 +76,16 @@ linux_initialprivs(void) {
/*
* Drop all privileges except the abilities to bind() to privileged
* ports, set resource limits, and chroot().
* ports and chroot().
*/
caps = 0;
caps |= (1 << CAP_NET_BIND_SERVICE);
caps |= (1 << CAP_SYS_RESOURCE);
caps |= (1 << CAP_SYS_CHROOT);
/*
* XXX We might want to add CAP_SYS_RESOURCE, though it's not
* clear it would work right given the way linuxthreads work.
*/
linux_setcaps(caps);
}
@ -93,12 +95,11 @@ linux_minprivs(void) {
/*
* Drop all privileges except the abilities to bind() to privileged
* ports and set resource limits.
* ports.
*/
caps = 0;
caps |= (1 << CAP_NET_BIND_SERVICE);
caps |= (1 << CAP_SYS_RESOURCE);
linux_setcaps(caps);
}