capabilities: CAP_CHOWN might be required by many plugins opening UNIX sockets
[strongswan.git] / src / libcharon / plugins / stroke / stroke_plugin.c
index 53b97e7..6c4687f 100644 (file)
@@ -71,6 +71,8 @@ METHOD(plugin_t, get_features, int,
                                PLUGIN_SDEPEND(CERT_DECODE, CERT_ANY),
                                PLUGIN_SDEPEND(CERT_DECODE, CERT_X509),
                                PLUGIN_SDEPEND(CERT_DECODE, CERT_X509_CRL),
+                               PLUGIN_SDEPEND(CERT_DECODE, CERT_X509_AC),
+                               PLUGIN_SDEPEND(CERT_DECODE, CERT_TRUSTED_PUBKEY),
        };
        *features = f;
        return countof(f);
@@ -89,6 +91,12 @@ plugin_t *stroke_plugin_create()
 {
        private_stroke_plugin_t *this;
 
+       if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+       {       /* required to chown(2) stroke socket */
+               DBG1(DBG_CFG, "stroke plugin requires CAP_CHOWN capability");
+               return NULL;
+       }
+
        INIT(this,
                .public = {
                        .plugin = {