diff options
| author | pjd <pjd@FreeBSD.org> | 2011-03-21 21:31:50 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2011-03-21 21:31:50 +0000 |
| commit | b84a0251e39001ae198d49f18d470ceb827c5dc8 (patch) | |
| tree | 423b8a1794223b5607ff01f014ec10c088e66a0b /sbin/hastctl/hastctl.c | |
| parent | 3591d152b2cc88ff15075e1eba664d04f99fbcd2 (diff) | |
| download | FreeBSD-src-b84a0251e39001ae198d49f18d470ceb827c5dc8.zip FreeBSD-src-b84a0251e39001ae198d49f18d470ceb827c5dc8.tar.gz | |
When dropping privileges prefer capsicum over chroot+setgid+setuid.
We can use capsicum for secondary worker processes and hastctl.
When working as primary we drop privileges using chroot+setgid+setuid
still as we need to send ioctl(2)s to ggate device, for which capsicum
doesn't allow (yet).
X-MFC after: capsicum is merged to stable/8
Diffstat (limited to 'sbin/hastctl/hastctl.c')
| -rw-r--r-- | sbin/hastctl/hastctl.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/sbin/hastctl/hastctl.c b/sbin/hastctl/hastctl.c index 67ee761..21b1217 100644 --- a/sbin/hastctl/hastctl.c +++ b/sbin/hastctl/hastctl.c @@ -480,9 +480,8 @@ main(int argc, char *argv[]) cfg->hc_controladdr); } - if (drop_privs() != 0) + if (drop_privs(true) != 0) exit(EX_CONFIG); - pjdlog_debug(1, "Privileges successfully dropped."); /* Send the command to the server... */ if (hast_proto_send(NULL, controlconn, nv, NULL, 0) < 0) { |
