diff options
| author | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2011-03-21 21:31:50 +0000 |
|---|---|---|
| committer | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2011-03-21 21:31:50 +0000 |
| commit | 4d8dc3b838f066d838cf449cd3b8073a8620e484 (patch) | |
| tree | 423b8a1794223b5607ff01f014ec10c088e66a0b /sbin/hastd/subr.h | |
| parent | f394ce6e5bf976f4449596ad943b045a86cd3690 (diff) | |
| download | src-4d8dc3b838f066d838cf449cd3b8073a8620e484.tar.gz src-4d8dc3b838f066d838cf449cd3b8073a8620e484.zip | |
When dropping privileges prefer capsicum over chroot+setgid+setuid.
We can use capsicum for secondary worker processes and hastctl.
When working as primary we drop privileges using chroot+setgid+setuid
still as we need to send ioctl(2)s to ggate device, for which capsicum
doesn't allow (yet).
X-MFC after: capsicum is merged to stable/8
Notes
Notes:
svn path=/head/; revision=219847
Diffstat (limited to 'sbin/hastd/subr.h')
| -rw-r--r-- | sbin/hastd/subr.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sbin/hastd/subr.h b/sbin/hastd/subr.h index 0b9b55557af1..179fd0016a48 100644 --- a/sbin/hastd/subr.h +++ b/sbin/hastd/subr.h @@ -50,6 +50,6 @@ int snprlcat(char *str, size_t size, const char *fmt, ...); int provinfo(struct hast_resource *res, bool dowrite); const char *role2str(int role); -int drop_privs(void); +int drop_privs(bool usecapsicum); #endif /* !_SUBR_H_ */ |