usr/src/cmd/ndmpd/ndmp/ndmpd_main.c
changeset 11537 8eca52188202
parent 9012 ee7366019c63
child 12186 046583e770b7
11536:4c36e6a8710f 11537:8eca52188202
     1 /*
     1 /*
     2  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     2  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
     3  * Use is subject to license terms.
     3  * Use is subject to license terms.
     4  */
     4  */
     5 
     5 
     6 /*
     6 /*
     7  * BSD 3 Clause License
     7  * BSD 3 Clause License
   118 static void
   118 static void
   119 daemonize_init(char *arg)
   119 daemonize_init(char *arg)
   120 {
   120 {
   121 	sigset_t set, oset;
   121 	sigset_t set, oset;
   122 	pid_t pid;
   122 	pid_t pid;
       
   123 	priv_set_t *pset = priv_allocset();
   123 
   124 
   124 	/*
   125 	/*
   125 	 * Set effective sets privileges to 'least' required. If fails, send
   126 	 * Set effective sets privileges to 'least' required. If fails, send
   126 	 * error messages to log file and proceed.
   127 	 * error messages to log file and proceed.
   127 	 */
   128 	 */
   128 	if (priv_set(PRIV_SET, PRIV_EFFECTIVE,
   129 	if (pset != NULL) {
   129 	    PRIV_FILE_LINK_ANY, PRIV_PROC_INFO, PRIV_PROC_SESSION,
   130 		priv_basicset(pset);
   130 	    PRIV_PROC_FORK, PRIV_PROC_EXEC,
   131 		(void) priv_addset(pset, PRIV_PROC_AUDIT);
   131 	    PRIV_PROC_AUDIT, PRIV_PROC_SETID, PRIV_PROC_OWNER, PRIV_FILE_CHOWN,
   132 		(void) priv_addset(pset, PRIV_PROC_SETID);
   132 	    PRIV_FILE_CHOWN_SELF, PRIV_FILE_DAC_READ, PRIV_FILE_DAC_SEARCH,
   133 		(void) priv_addset(pset, PRIV_PROC_OWNER);
   133 	    PRIV_FILE_DAC_WRITE, PRIV_FILE_OWNER, PRIV_FILE_SETID,
   134 		(void) priv_addset(pset, PRIV_FILE_CHOWN);
   134 	    PRIV_SYS_LINKDIR, PRIV_SYS_DEVICES, PRIV_SYS_MOUNT, PRIV_SYS_CONFIG,
   135 		(void) priv_addset(pset, PRIV_FILE_CHOWN_SELF);
   135 	    NULL))
   136 		(void) priv_addset(pset, PRIV_FILE_DAC_READ);
   136 		syslog(LOG_ERR,
   137 		(void) priv_addset(pset, PRIV_FILE_DAC_SEARCH);
   137 		    "Failed to set least required privileges to the service.");
   138 		(void) priv_addset(pset, PRIV_FILE_DAC_WRITE);
       
   139 		(void) priv_addset(pset, PRIV_FILE_OWNER);
       
   140 		(void) priv_addset(pset, PRIV_FILE_SETID);
       
   141 		(void) priv_addset(pset, PRIV_SYS_LINKDIR);
       
   142 		(void) priv_addset(pset, PRIV_SYS_DEVICES);
       
   143 		(void) priv_addset(pset, PRIV_SYS_MOUNT);
       
   144 		(void) priv_addset(pset, PRIV_SYS_CONFIG);
       
   145 	}
       
   146 
       
   147 	if (pset == NULL || setppriv(PRIV_SET, PRIV_EFFECTIVE, pset) != 0) {
       
   148 		syslog(LOG_ERR, "Failed to set least required privileges to "
       
   149 		    "the service.");
       
   150 	}
       
   151 	priv_freeset(pset);
   138 
   152 
   139 	/*
   153 	/*
   140 	 * Block all signals prior to the fork and leave them blocked in the
   154 	 * Block all signals prior to the fork and leave them blocked in the
   141 	 * parent so we don't get in a situation where the parent gets SIGINT
   155 	 * parent so we don't get in a situation where the parent gets SIGINT
   142 	 * and returns non-zero exit status and the child is actually running.
   156 	 * and returns non-zero exit status and the child is actually running.
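Review bot: The new `setppriv(PRIV_SET, PRIV_EFFECTIVE, pset)` call narrows only the effective set, and a failure (including `priv_allocset()` returning NULL) is logged and then ignored, so the daemon can carry on with whatever privileges it was started with. Because the permitted set is left untouched, code running in the process could switch the dropped privileges back on; if nothing later in ndmpd needs to raise them, apply the same set to the permitted set as well, e.g. `setppriv(PRIV_SET, PRIV_PERMITTED, pset)` ahead of the effective call. The proceed-on-failure behaviour predates this change, going by the comment above it, but that comment should say why running unrestricted is acceptable, or the failure path should exit instead. The `(void)` casts on `priv_addset()` also hide a failed add, which would only show up later as an unexplained permission error. daemonize_init continues past the end of the visible section, so any later privilege handling is not covered here.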