diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2010-01-14 12:24:34 -0500 |
|---|---|---|
| committer | Steve Dickson <steved@redhat.com> | 2010-01-15 14:55:52 -0500 |
| commit | e2446fda6e7cdb1b9462162b81b0e50fd6efaf56 (patch) | |
| tree | f1a6bedafb0fc506cc0cccd8848a13d421a70afb /aclocal | |
| parent | d16bd0400fc096ec2fed36d5dfa8620b2370e4d1 (diff) | |
| download | nfs-utils-e2446fda6e7cdb1b9462162b81b0e50fd6efaf56.tar.gz nfs-utils-e2446fda6e7cdb1b9462162b81b0e50fd6efaf56.tar.xz nfs-utils-e2446fda6e7cdb1b9462162b81b0e50fd6efaf56.zip | |
libnsm.a: retain CAP_NET_BIND when dropping privileges
I'm about to switch the order of listener creation and dropping root
privileges. rpc.statd will drop privileges first, then create its
listeners. The reason for the new ordering is explained in a
subsequent patch.
However, for non-TI-RPC builds, rpc_init() needs to use a privileged
port to do pmap registrations. For both TI-RPC and non-TI-RPC builds,
CAP_NET_BIND is required in case the admin requests a privileged
listener port on the statd command line.
So that these requirements are met, nsm_drop_privileges() will now
retain CAP_NET_BIND while dropping root.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Diffstat (limited to 'aclocal')
| -rw-r--r-- | aclocal/libcap.m4 | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/aclocal/libcap.m4 b/aclocal/libcap.m4 new file mode 100644 index 0000000..eabe507 --- /dev/null +++ b/aclocal/libcap.m4 @@ -0,0 +1,15 @@ +dnl Checks for libcap.so +dnl +AC_DEFUN([AC_LIBCAP], [ + + dnl look for prctl + AC_CHECK_FUNC([prctl], , ) + + dnl look for the library; do not add to LIBS if found + AC_CHECK_LIB([cap], [cap_get_proc], [LIBCAP=-lcap], ,) + AC_SUBST(LIBCAP) + + AC_CHECK_HEADERS([sys/capability.h], , + [AC_MSG_ERROR([libcap headers not found.])]) + +])dnl |