git.sur5r.net Git - bacula/bacula/commit

author	Dmitry V. Levin <ldv@altlinux.org>
	Fri, 18 Sep 2009 16:32:38 +0000 (16:32 +0000)
committer	Kern Sibbald <kern@sibbald.com>
	Sat, 19 Sep 2009 17:15:37 +0000 (19:15 +0200)
commit	be18dce6a5135f5387ec8f9fa37f3069d48ade04
tree	11844744556f01e0c6c56d84dde57a23a02165bf	tree \| snapshot
parent	91f02e5cb55139c63c0ec17e2b2a8cc96709f92c	commit \| diff

Implement support of keeping readall capabilities after UID/GID switch

Extend drop() function interface to accept 3rd parameter specifying
whether process should keep capabilities required to read and search
files and directories regardless of their access permissions.

Introduce new bacula-fd option (-k) specifying that readall capabilities
should be kept after UID/GID switch.

The change moves drop() definition from bsys.c to new file priv.c,
which is necessary to avoid linking every bacula executable with -lcap.
If drop() would remain in bsys.c, then every executable which directly
or indirectly uses other functions defined in bsys.c would have to be
linked with -lcap, unless libbac is built as a shared library.

While the change itself is portable, the implementation is Linux
specific, it uses libcap to keep CAP_DAC_READ_SEARCH capability.
If libcap is not available, or OS does not have sys/prctl.h,
sys/capability.h, prctl(2), setreuid(2) and PR_SET_KEEPCAPS, then
this change is almost noop.

bacula/autoconf/configure.in		diff \| blob \| history
bacula/src/dird/Makefile.in		diff \| blob \| history
bacula/src/dird/dird.c		diff \| blob \| history
bacula/src/filed/Makefile.in		diff \| blob \| history
bacula/src/filed/filed.c		diff \| blob \| history
bacula/src/lib/Makefile.in		diff \| blob \| history
bacula/src/lib/bsys.c		diff \| blob \| history
bacula/src/lib/priv.c	[new file with mode: 0644]	blob
bacula/src/lib/protos.h		diff \| blob \| history
bacula/src/stored/Makefile.in		diff \| blob \| history
bacula/src/stored/stored.c		diff \| blob \| history