chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
networkd: netdev - add dummy support
[elogind.git]
/
src
/
resolve
/
resolved.c
diff --git
a/src/resolve/resolved.c
b/src/resolve/resolved.c
index 82f43d68031b398116215974c71d34e9a8a88a9f..f61b70f46b6814743c80f20424d8d76ba1901da5 100644
(file)
--- a/
src/resolve/resolved.c
+++ b/
src/resolve/resolved.c
@@
-25,9
+25,13
@@
#include "resolved.h"
#include "mkdir.h"
#include "resolved.h"
#include "mkdir.h"
+#include "capability.h"
int main(int argc, char *argv[]) {
_cleanup_manager_free_ Manager *m = NULL;
int main(int argc, char *argv[]) {
_cleanup_manager_free_ Manager *m = NULL;
+ const char *user = "systemd-resolve";
+ uid_t uid;
+ gid_t gid;
int r;
log_set_target(LOG_TARGET_AUTO);
int r;
log_set_target(LOG_TARGET_AUTO);
@@
-42,11
+46,23
@@
int main(int argc, char *argv[]) {
goto out;
}
goto out;
}
+ r = get_user_creds(&user, &uid, &gid, NULL, NULL);
+ if (r < 0) {
+ log_error("Cannot resolve user name %s: %s", user, strerror(-r));
+ goto out;
+ }
+
/* Always create the directory where resolv.conf will live */
/* Always create the directory where resolv.conf will live */
- r = mkdir_
label("/run/systemd/network", 0755
);
- if (r < 0)
+ r = mkdir_
safe_label("/run/systemd/resolve", 0755, uid, gid
);
+ if (r < 0)
{
log_error("Could not create runtime directory: %s",
strerror(-r));
log_error("Could not create runtime directory: %s",
strerror(-r));
+ goto out;
+ }
+
+ r = drop_privileges(uid, gid, 0);
+ if (r < 0)
+ goto out;
r = manager_new(&m);
if (r < 0) {
r = manager_new(&m);
if (r < 0) {