diff options
| author | Thorvald Natvig <slicer@users.sourceforge.net> | 2009-02-26 17:03:27 +0300 |
|---|---|---|
| committer | Thorvald Natvig <slicer@users.sourceforge.net> | 2009-02-26 17:03:27 +0300 |
| commit | 7fc01d602e63cf7d764a7c14dbe6f53941604dda (patch) | |
| tree | 11e7561f226b3defd14f0cb93c57a062e005e6d4 /src/murmur/UnixMurmur.cpp | |
| parent | 0df61d2f2d12782516f32e5a15e08670dc09c3ac (diff) | |
Use Linux capabilities to allow us to really use high priority threads
git-svn-id: https://mumble.svn.sourceforge.net/svnroot/mumble/trunk@1587 05730e5d-ab1b-0410-a4ac-84af385074fa
Diffstat (limited to 'src/murmur/UnixMurmur.cpp')
| -rw-r--r-- | src/murmur/UnixMurmur.cpp | 58 |
1 files changed, 57 insertions, 1 deletions
diff --git a/src/murmur/UnixMurmur.cpp b/src/murmur/UnixMurmur.cpp index a99b98885..81ef84a2b 100644 --- a/src/murmur/UnixMurmur.cpp +++ b/src/murmur/UnixMurmur.cpp @@ -165,7 +165,12 @@ void UnixMurmur::handleSigHup() { qWarning("Caught SIGHUP, will reopen %s", qPrintable(Meta::mp.qsLogfile)); qfLog->close(); qfLog->setFileName(Meta::mp.qsLogfile); - if (! qfLog->open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text)) { + if (Meta::mp.uiUid != 0) + setresuid(0,0,0); + bool result = qfLog->open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text); + if (Meta::mp.uiUid != 0) + setresuid(Meta::mp.uiUid, Meta::mp.uiUid, 0); + if (! result) { delete qfLog; qfLog = NULL; } else { @@ -187,3 +192,54 @@ void UnixMurmur::handleSigTerm() { qsnTerm->setEnabled(true); } + +void UnixMurmur::setuid() { + if (Meta::mp.uiUid != 0) { + if (setregid(Meta::mp.uiGid, Meta::mp.uiGid) != 0) + qCritical("Failed to switch to gid %d", Meta::mp.uiGid); + if (setresuid(Meta::mp.uiUid, Meta::mp.uiUid, 0) != 0) { + qFatal("Failed to become uid %d", Meta::mp.uiUid); + } else { + qCritical("Successfully switched to uid %d", Meta::mp.uiUid); + } + } +} + +void UnixMurmur::initialcap() { +#ifdef Q_OS_LINUX + cap_value_t caps[] = {CAP_DAC_OVERRIDE, CAP_SYS_NICE, CAP_SETUID }; + + if (geteuid() != 0) + return; + + cap_t c = cap_init(); + cap_clear(c); + cap_set_flag(c, CAP_EFFECTIVE, sizeof(caps)/sizeof(cap_value_t), caps, CAP_SET); + cap_set_flag(c, CAP_INHERITABLE, sizeof(caps)/sizeof(cap_value_t), caps, CAP_SET); + cap_set_flag(c, CAP_PERMITTED, sizeof(caps)/sizeof(cap_value_t), caps, CAP_SET); + if (cap_set_proc(c) != 0) { + qCritical("Failed to set initial capabilities"); + } else { + qWarning("Successfully dropped initial capabilities"); + } +#endif +} + +void UnixMurmur::finalcap() { +#ifdef Q_OS_LINUX + cap_value_t caps[] = {CAP_DAC_OVERRIDE, CAP_SYS_NICE, CAP_SETUID }; + + if (Meta::mp.uiUid == 0) + return; + + cap_t c = cap_init(); + cap_clear(c); + cap_set_flag(c, CAP_EFFECTIVE, sizeof(caps)/sizeof(cap_value_t), caps, CAP_SET); + cap_set_flag(c, CAP_PERMITTED, sizeof(caps)/sizeof(cap_value_t), caps, CAP_SET); + if (cap_set_proc(c) != 0) { + qCritical("Failed to set final capabilities"); + } else { + qWarning("Successfully dropped capabilities"); + } +#endif +} |