So we don't have to link every tool against libcap.
--- /dev/null
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include <cstring>
+#include <stdexcept>
+
+#ifdef HAVE_LIBCAP
+#include <sys/capability.h>
+#endif
+
+#include "capabilities.hh"
+
+void dropCapabilities()
+{
+#ifdef HAVE_LIBCAP
+ cap_t caps = cap_get_proc();
+ if (caps != nullptr) {
+ cap_clear(caps);
+
+ if (cap_set_proc(caps) != 0) {
+ cap_free(caps);
+ throw std::runtime_error("Unable to drop capabilities: " + std::string(strerror(errno)));
+ }
+
+ cap_free(caps);
+ }
+#endif /* HAVE_LIBCAP */
+}
--- /dev/null
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#pragma once
+
+void dropCapabilities();
#include <boost/variant.hpp>
#include "bpf-filter.hh"
+#include "capabilities.hh"
#include "dnscrypt.hh"
#include "dnsdist-cache.hh"
#include "dnsdist-dynbpf.hh"
base64.hh \
bpf-filter.cc bpf-filter.hh \
cachecleaner.hh \
+ capabilities.cc capabilities.hh \
dns.cc dns.hh \
dnscrypt.cc dnscrypt.hh \
dnsdist.cc dnsdist.hh \
--- /dev/null
+../capabilities.cc
\ No newline at end of file
--- /dev/null
+../capabilities.hh
\ No newline at end of file
# include <sched.h>
#endif
-#ifdef HAVE_LIBCAP
-#include <sys/capability.h>
-#endif
-
bool g_singleThreaded;
size_t writen2(int fd, const void *buf, size_t count)
return results;
}
-
-void dropCapabilities()
-{
-#ifdef HAVE_LIBCAP
- cap_t caps = cap_get_proc();
- if (caps != nullptr) {
- cap_clear(caps);
-
- if (cap_set_proc(caps) != 0) {
- cap_free(caps);
- throw std::runtime_error("Unable to drop capabilities: " + std::string(strerror(errno)));
- }
-
- cap_free(caps);
- }
-#endif /* HAVE_LIBCAP */
-}
double DiffTime(const struct timeval& first, const struct timeval& second);
uid_t strToUID(const string &str);
gid_t strToGID(const string &str);
-void dropCapabilities();
unsigned int pdns_stou(const std::string& str, size_t * idx = 0, int base = 10);
#include "malloctrace.hh"
#endif
#include <netinet/tcp.h>
+#include "capabilities.hh"
#include "dnsparser.hh"
#include "dnswriter.hh"
#include "dnsrecords.hh"
base32.cc base32.hh \
base64.cc base64.hh \
cachecleaner.hh \
+ capabilities.cc capabilities.hh \
comment.hh \
dns.hh dns.cc \
dns_random.hh dns_random.cc \
rec_control.cc \
unix_utility.cc
-rec_control_LDADD = \
- $(LIBCAP_LIBS)
-
dnslabeltext.cc: dnslabeltext.rl
$(AM_V_GEN)$(RAGEL) $< -o dnslabeltext.cc
--- /dev/null
+../capabilities.cc
\ No newline at end of file
--- /dev/null
+../capabilities.hh
\ No newline at end of file
projects / pdns / commitdiff