capabilities: CAP_CHOWN might be required by many plugins opening UNIX sockets
[strongswan.git] / src / libcharon / plugins / duplicheck / duplicheck_plugin.c
index 4d018db..d6e652d 100644 (file)
@@ -98,6 +98,12 @@ plugin_t *duplicheck_plugin_create()
                return NULL;
        }
 
+       if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+       {       /* required to chown(2) notify socket */
+               DBG1(DBG_CFG, "duplicheck plugin requires CAP_CHOWN capability");
+               return NULL;
+       }
+
        INIT(this,
                .public = {
                        .plugin = {