diff options
| author | pjd <pjd@FreeBSD.org> | 2011-03-21 21:31:50 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2011-03-21 21:31:50 +0000 |
| commit | b84a0251e39001ae198d49f18d470ceb827c5dc8 (patch) | |
| tree | 423b8a1794223b5607ff01f014ec10c088e66a0b /sbin/hastd/secondary.c | |
| parent | 3591d152b2cc88ff15075e1eba664d04f99fbcd2 (diff) | |
| download | FreeBSD-src-b84a0251e39001ae198d49f18d470ceb827c5dc8.zip FreeBSD-src-b84a0251e39001ae198d49f18d470ceb827c5dc8.tar.gz | |
When dropping privileges prefer capsicum over chroot+setgid+setuid.
We can use capsicum for secondary worker processes and hastctl.
When working as primary we drop privileges using chroot+setgid+setuid
still as we need to send ioctl(2)s to ggate device, for which capsicum
doesn't allow (yet).
X-MFC after: capsicum is merged to stable/8
Diffstat (limited to 'sbin/hastd/secondary.c')
| -rw-r--r-- | sbin/hastd/secondary.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sbin/hastd/secondary.c b/sbin/hastd/secondary.c index bfd9992..cdcab0a 100644 --- a/sbin/hastd/secondary.c +++ b/sbin/hastd/secondary.c @@ -440,7 +440,7 @@ hastd_secondary(struct hast_resource *res, struct nv *nvin) init_local(res); init_environment(); - if (drop_privs() != 0) + if (drop_privs(true) != 0) exit(EX_CONFIG); pjdlog_info("Privileges successfully dropped."); |
