capabilities: CAP_CHOWN might be required by many plugins opening UNIX sockets
[strongswan.git] / src / libcharon / plugins / smp / smp.c
index 0c240cf..d13b822 100644 (file)
@@ -739,6 +739,12 @@ plugin_t *smp_plugin_create()
        private_smp_t *this;
        mode_t old;
 
+       if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+       {       /* required to chown(2) control socket */
+               DBG1(DBG_CFG, "smp plugin requires CAP_CHOWN capability");
+               return NULL;
+       }
+
        INIT(this,
                .public = {
                        .plugin = {