using capset version 1 if a newer is available
authorMartin Willi <martin@strongswan.org>
Wed, 7 May 2008 08:46:37 +0000 (08:46 -0000)
committerMartin Willi <martin@strongswan.org>
Wed, 7 May 2008 08:46:37 +0000 (08:46 -0000)
src/charon/daemon.c

index 87f3348..0400a99 100644 (file)
@@ -266,7 +266,13 @@ static void drop_capabilities(private_daemon_t *this, bool full)
                keep |= (1<<CAP_SETGID);
        }
 
+       /* we use the old capset version for now. For systems with version 2
+        * available, we specifiy version 1 excplicitly. */
+#ifdef _LINUX_CAPABILITY_VERSION_1
+       hdr.version = _LINUX_CAPABILITY_VERSION_1;
+#else
        hdr.version = _LINUX_CAPABILITY_VERSION;
+#endif
        hdr.pid = 0;
        data.inheritable = data.effective = data.permitted = keep;