chiark / gitweb /
~ian / secnet.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f30db15) | patch
polypath: Provide privsep mode
authorIan Jackson <ijackson@chiark.greenend.org.uk>
Wed, 1 Oct 2014 17:19:20 +0000 (18:19 +0100)
committerIan Jackson <ijackson@chiark.greenend.org.uk>
Thu, 9 Oct 2014 18:30:00 +0000 (19:30 +0100)
commitbc78a2b7c5f6ac9a1b0863dfcf77fba015187acf
tree55c518e1faa0ad517875042767ae0879281abefatree | snapshot
parentf30db15b9f0344e44462b51a7922f376d8cc4607commit | diff
polypath: Provide privsep mode

If secnet is going to drop privileges, it won't be able to call
setsockopt(,,SO_BINDTODEVICE,) to set up the new polypath sockets.

Provide an arrangement where this is done by a child forked before we
drop privilege.

Add some comments to the existing just-broken-down interface change
handling code, saying whether and how they are used in the non-privsep
and privsep cases.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
README diff | blob | history
polypath.c diff | blob | history
Ian's personal secnet repo on chiark, for work-in-progress stuff etc.