git.sur5r.net Git - bacula/bacula/commit

author	Dmitry V. Levin <ldv@altlinux.org>
	Fri, 18 Sep 2009 16:32:38 +0000 (16:32 +0000)
committer	Kern Sibbald <kern@sibbald.com>
	Sat, 19 Sep 2009 17:15:37 +0000 (19:15 +0200)
commit	dfd9567cb9c0fd3e2d753b5a2b856155cd4ab006
tree	67e33f55893beb84cd2ab06bca6a1bf52d311fcb	tree \| snapshot
parent	ae2def87b828329e5334db5b1d6539e3b53ebb9c	commit \| diff

Implement support of keeping readall capabilities after UID/GID switch

Extend drop() function interface to accept 3rd parameter specifying
whether process should keep capabilities required to read and search
files and directories regardless of their access permissions.

Introduce new bacula-fd option (-k) specifying that readall capabilities
should be kept after UID/GID switch.

The change moves drop() definition from bsys.c to new file priv.c,
which is necessary to avoid linking every bacula executable with -lcap.
If drop() would remain in bsys.c, then every executable which directly
or indirectly uses other functions defined in bsys.c would have to be
linked with -lcap, unless libbac is built as a shared library.

While the change itself is portable, the implementation is Linux
specific, it uses libcap to keep CAP_DAC_READ_SEARCH capability.
If libcap is not available, or OS does not have sys/prctl.h,
sys/capability.h, prctl(2), setreuid(2) and PR_SET_KEEPCAPS, then
this change is almost noop.

bacula/autoconf/configure.in		diff \| blob \| history
bacula/src/dird/Makefile.in		diff \| blob \| history
bacula/src/dird/dird.c		diff \| blob \| history
bacula/src/filed/Makefile.in		diff \| blob \| history
bacula/src/filed/filed.c		diff \| blob \| history
bacula/src/lib/Makefile.in		diff \| blob \| history
bacula/src/lib/bsys.c		diff \| blob \| history
bacula/src/lib/priv.c	[new file with mode: 0644]	blob
bacula/src/lib/protos.h		diff \| blob \| history
bacula/src/stored/Makefile.in		diff \| blob \| history
bacula/src/stored/stored.c		diff \| blob \| history