From da76a8046e01e1c1c2e6f75772afb2c4f202cc25 Mon Sep 17 00:00:00 2001
From: Brian Wellington <source@isc.org>
Date: Thu, 10 Aug 2000 00:31:59 +0000
Subject: [PATCH]  382.   [bug]           named -u failed on Debian Linux.

---
 CHANGES             |  2 ++
 bin/named/unix/os.c | 17 ++++++++---------
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/CHANGES b/CHANGES
index c5601e6a53..834e1274ab 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+ 382.	[bug]		named -u failed on Debian Linux.
+
  381.	[bug]		Check for IPV6_RECVPKTINFO and use it instead of
 			IPV6_PKTINFO if found. [RT #229]
 
diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c
index 414b837220..b01f6c23c0 100644
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: os.c,v 1.29 2000/08/01 01:12:21 tale Exp $ */
+/* $Id: os.c,v 1.30 2000/08/10 00:31:58 bwelling Exp $ */
 
 #include <config.h>
 
@@ -61,7 +61,10 @@ static isc_boolean_t done_setuid = ISC_FALSE;
 
 #ifdef HAVE_LINUX_PRCTL_H
 #include <sys/prctl.h>		/* Required for prctl(). */
+#ifndef PR_SET_KEEPCAPS
+#define PR_SET_KEEPCAPS 8
 #endif
+#endif /* HAVE_LINUX_PRCTL_H */
 
 #ifndef SYS_capset
 #define SYS_capset __NR_capset
@@ -108,14 +111,10 @@ linux_initialprivs(void) {
 	 */
 	caps |= (1 << CAP_SYS_CHROOT);
 
-#if defined(HAVE_LINUX_PRCTL_H) && defined(PR_SET_KEEPCAPS)
+#ifdef HAVE_LINUX_PRCTL_H
 	/*
 	 * If the kernel supports keeping capabilities after setuid(), we
-	 * also want the setuid capability.
-	 *
-	 * There's no point turning this on if we don't have PR_SET_KEEPCAPS,
-	 * because changing user ids only works right with linuxthreads if
-	 * we can do it early (before creating threads).
+	 * also want the setuid capability.  We don't know until we've tried.
 	 */
 	caps |= (1 << CAP_SETUID);
 #endif
@@ -151,7 +150,7 @@ linux_minprivs(void) {
 	linux_setcaps(caps);
 }
 
-#if defined(HAVE_LINUX_PRCTL_H) && defined(PR_SET_KEEPCAPS)
+#ifdef HAVE_LINUX_PRCTL_H
 static void
 linux_keepcaps(void) {
 	/*
@@ -310,7 +309,7 @@ ns_os_changeuser(void) {
 void
 ns_os_minprivs(void) {
 #ifdef HAVE_LINUX_CAPABILITY_H
-#if defined(HAVE_LINUX_PRCTL_H) && defined(PR_SET_KEEPCAPS)
+#ifdef HAVE_LINUX_PRCTL_H
 	linux_keepcaps();
 	ns_os_changeuser();
 #endif