From 7fc01d602e63cf7d764a7c14dbe6f53941604dda Mon Sep 17 00:00:00 2001
From: Thorvald Natvig <slicer@users.sourceforge.net>
Date: Thu, 26 Feb 2009 14:03:27 +0000
Subject: Use Linux capabilities to allow us to really use high priority
 threads

git-svn-id: https://mumble.svn.sourceforge.net/svnroot/mumble/trunk@1587 05730e5d-ab1b-0410-a4ac-84af385074fa
---
 src/murmur/UnixMurmur.cpp | 58 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)

(limited to 'src/murmur/UnixMurmur.cpp')

diff --git a/src/murmur/UnixMurmur.cpp b/src/murmur/UnixMurmur.cpp
index a99b98885..81ef84a2b 100644
--- a/src/murmur/UnixMurmur.cpp
+++ b/src/murmur/UnixMurmur.cpp
@@ -165,7 +165,12 @@ void UnixMurmur::handleSigHup() {
 		qWarning("Caught SIGHUP, will reopen %s", qPrintable(Meta::mp.qsLogfile));
 		qfLog->close();
 		qfLog->setFileName(Meta::mp.qsLogfile);
-		if (! qfLog->open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text)) {
+		if (Meta::mp.uiUid != 0)
+			setresuid(0,0,0);
+		bool result = qfLog->open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text);
+		if (Meta::mp.uiUid != 0)
+			setresuid(Meta::mp.uiUid, Meta::mp.uiUid, 0);
+		if (! result) {
 			delete qfLog;
 			qfLog = NULL;
 		} else {
@@ -187,3 +192,54 @@ void UnixMurmur::handleSigTerm() {
 
 	qsnTerm->setEnabled(true);
 }
+
+void UnixMurmur::setuid() {
+	if (Meta::mp.uiUid != 0) {
+		if (setregid(Meta::mp.uiGid, Meta::mp.uiGid) != 0)
+			qCritical("Failed to switch to gid %d", Meta::mp.uiGid);
+		if (setresuid(Meta::mp.uiUid, Meta::mp.uiUid, 0) != 0) {
+			qFatal("Failed to become uid %d", Meta::mp.uiUid);
+		} else {
+			qCritical("Successfully switched to uid %d", Meta::mp.uiUid);
+		}
+	}
+}
+
+void UnixMurmur::initialcap() {
+#ifdef Q_OS_LINUX
+	cap_value_t caps[] = {CAP_DAC_OVERRIDE, CAP_SYS_NICE, CAP_SETUID };
+
+	if (geteuid() != 0)
+		return;
+		
+	cap_t c = cap_init();
+	cap_clear(c);
+	cap_set_flag(c, CAP_EFFECTIVE, sizeof(caps)/sizeof(cap_value_t), caps, CAP_SET);
+	cap_set_flag(c, CAP_INHERITABLE, sizeof(caps)/sizeof(cap_value_t), caps, CAP_SET);
+	cap_set_flag(c, CAP_PERMITTED, sizeof(caps)/sizeof(cap_value_t), caps, CAP_SET);
+	if (cap_set_proc(c) != 0) {
+		qCritical("Failed to set initial capabilities");
+	} else {
+		qWarning("Successfully dropped initial capabilities");
+	}
+#endif
+}
+
+void UnixMurmur::finalcap() {
+#ifdef Q_OS_LINUX
+	cap_value_t caps[] = {CAP_DAC_OVERRIDE, CAP_SYS_NICE, CAP_SETUID };
+
+	if (Meta::mp.uiUid == 0)
+		return;
+
+	cap_t c = cap_init();
+	cap_clear(c);
+	cap_set_flag(c, CAP_EFFECTIVE, sizeof(caps)/sizeof(cap_value_t), caps, CAP_SET);
+	cap_set_flag(c, CAP_PERMITTED, sizeof(caps)/sizeof(cap_value_t), caps, CAP_SET);
+	if (cap_set_proc(c) != 0) {
+		qCritical("Failed to set final capabilities");
+	} else {
+		qWarning("Successfully dropped capabilities");
+	}
+#endif
+}
-- 
cgit v1.2.3