Blame 0002-daemon-main-do-not-create-run-icecc-by-ourselves.patch
|
 |
c61b150 |
From f99d4abcd23ba589b07acbdab05213e360e66312 Mon Sep 17 00:00:00 2001
|
|
|
48d39d8 |
From: Michal Schmidt <mschmidt@redhat.com>
|
|
|
48d39d8 |
Date: Thu, 29 Aug 2013 18:12:02 +0200
|
|
|
c61b150 |
Subject: [PATCH 2/3] daemon/main: do not create /run/icecc by ourselves
|
|
|
48d39d8 |
|
|
|
48d39d8 |
In order to be able to restrict the daemon's SELinux policy even more,
|
|
|
48d39d8 |
let's rely on tmpfiles.d to create the /run/icecc directory for us
|
|
|
48d39d8 |
instead of creating it from the daemon.
|
|
|
48d39d8 |
---
|
|
|
48d39d8 |
daemon/main.cpp | 4 ----
|
|
|
48d39d8 |
1 file changed, 4 deletions(-)
|
|
|
48d39d8 |
|
|
|
48d39d8 |
diff --git a/daemon/main.cpp b/daemon/main.cpp
|
|
|
c61b150 |
index 4db17f2..fc12caf 100644
|
|
|
48d39d8 |
--- a/daemon/main.cpp
|
|
|
48d39d8 |
+++ b/daemon/main.cpp
|
|
|
c61b150 |
@@ -2177,10 +2177,6 @@ int main(int argc, char **argv)
|
|
|
48d39d8 |
logfile = "/var/log/icecc/iceccd.log";
|
|
|
48d39d8 |
}
|
|
|
48d39d8 |
|
|
|
c61b150 |
- mkdir("/var/run/icecc", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
|
|
|
c61b150 |
- chmod("/var/run/icecc", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
|
|
|
48d39d8 |
- chown("/var/run/icecc", d.user_uid, d.user_gid);
|
|
|
48d39d8 |
-
|
|
|
48d39d8 |
#ifdef HAVE_LIBCAP_NG
|
|
|
48d39d8 |
capng_clear(CAPNG_SELECT_BOTH);
|
|
|
c61b150 |
capng_update(CAPNG_ADD, (capng_type_t)(CAPNG_EFFECTIVE | CAPNG_PERMITTED), CAP_SYS_CHROOT);
|
|
|
48d39d8 |
--
|
|
|
c61b150 |
2.1.0
|
|
|
48d39d8 |
|