diff options
| author | Lennart Poettering <lennart@poettering.net> | 2007-05-25 20:35:30 +0000 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2007-05-25 20:35:30 +0000 |
| commit | 4d88fcd59da84ac4f09113855c8f15384a4e05c3 (patch) | |
| tree | e144296f3a041204bbf15f90af0164707c8ffde1 /src/pulsecore | |
| parent | 65e87616833252884e4ab6b87373f98939fc446a (diff) | |
when called with the setid bit change euid to uid sooner to make sure that we can access our own files even when we dropped most capabilities. (Closes #21)
git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1455 fefdeb5f-60dc-0310-8127-8f9354f1896f
Diffstat (limited to 'src/pulsecore')
| -rw-r--r-- | src/pulsecore/core-util.c | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/src/pulsecore/core-util.c b/src/pulsecore/core-util.c index cc0fb205..480ac3b7 100644 --- a/src/pulsecore/core-util.c +++ b/src/pulsecore/core-util.c @@ -51,6 +51,10 @@ #include <sys/resource.h> #endif +#ifdef HAVE_SYS_CAPABILITY_H +#include <sys/capability.h> +#endif + #ifdef HAVE_PTHREAD #include <pthread.h> #endif @@ -481,7 +485,23 @@ char *pa_strlcpy(char *b, const char *s, size_t l) { sensible: set the nice level to -15 and enable realtime scheduling if supported.*/ void pa_raise_priority(void) { - +#if defined(HAVE_SYS_CAPABILITY_H) + cap_t caps; + + /* Temporarily acquire CAP_SYS_NICE in the effective set */ + if ((caps = cap_get_proc())) { + cap_t caps_new; + cap_value_t nice_cap = CAP_SYS_NICE; + + if ((caps_new = cap_dup(caps))) { + cap_set_flag(caps_new, CAP_EFFECTIVE, 1, &nice_cap, CAP_SET); + cap_set_flag(caps_new, CAP_PERMITTED, 1, &nice_cap, CAP_SET); + cap_set_proc(caps_new); + cap_free(caps_new); + } + } +#endif + #ifdef HAVE_SYS_RESOURCE_H if (setpriority(PRIO_PROCESS, 0, NICE_LEVEL) < 0) pa_log_warn("setpriority(): %s", pa_cstrerror(errno)); @@ -495,13 +515,13 @@ void pa_raise_priority(void) { if (sched_getparam(0, &sp) < 0) { pa_log("sched_getparam(): %s", pa_cstrerror(errno)); - return; + goto fail; } sp.sched_priority = 1; if (sched_setscheduler(0, SCHED_FIFO, &sp) < 0) { pa_log_warn("sched_setscheduler(): %s", pa_cstrerror(errno)); - return; + goto fail; } pa_log_info("Successfully enabled SCHED_FIFO scheduling."); @@ -514,6 +534,16 @@ void pa_raise_priority(void) { else pa_log_info("Successfully gained high priority class."); #endif + +fail: + +#if defined(HAVE_SYS_CAPABILITY_H) + if (caps) { + /* Restore original caps */ + cap_set_proc(caps); + cap_free(caps); + } +#endif } /* Reset the priority to normal, inverting the changes made by pa_raise_priority() */ |