diff options
author | June McEnroe <june@causal.agency> | 2019-01-04 19:47:18 -0500 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2019-01-04 19:47:18 -0500 |
commit | 96a00130d266a5281cc8706f537074a3e253f1a3 (patch) | |
tree | 44e1c425f2db90fb978e9504f62e7cb6c7a4b73c | |
parent | Add play to index.html (diff) | |
download | torus-96a00130d266a5281cc8706f537074a3e253f1a3.tar.gz torus-96a00130d266a5281cc8706f537074a3e253f1a3.zip |
Add cap_rights_limit calls to client and server
-rw-r--r-- | client.c | 5 | ||||
-rw-r--r-- | server.c | 14 |
2 files changed, 19 insertions, 0 deletions
diff --git a/client.c b/client.c index 867b4de..32c2022 100644 --- a/client.c +++ b/client.c @@ -707,6 +707,11 @@ int main(int argc, char *argv[]) { #ifdef __FreeBSD__ error = cap_enter(); if (error) err(EX_OSERR, "cap_enter"); + + cap_rights_t rights; + cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT); + error = cap_rights_limit(client, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); #endif struct pollfd fds[2] = { diff --git a/server.c b/server.c index bd4e980..b01e81d 100644 --- a/server.c +++ b/server.c @@ -410,7 +410,21 @@ int main(int argc, char *argv[]) { error = cap_enter(); if (error) err(EX_OSERR, "cap_enter"); + cap_rights_t rights; + cap_rights_init( + &rights, + CAP_LISTEN, CAP_ACCEPT, CAP_EVENT, + CAP_READ, CAP_WRITE, CAP_SETSOCKOPT + ); + error = cap_rights_limit(server, &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); + if (pid) { + cap_rights_init(&rights, CAP_PWRITE, CAP_FSTAT, CAP_FTRUNCATE); + error = cap_rights_limit(pidfile_fileno(pid), &rights); + if (error) err(EX_OSERR, "cap_rights_limit"); + + // FIXME: daemon(3) can't chdir or open /dev/null in capability mode. error = daemon(0, 0); if (error) err(EX_OSERR, "daemon"); pidfile_write(pid); |