Peter Spikings created DAEMON-320:
-------------------------------------
Summary: Can't bind raw sockets in Daemon init method
Key: DAEMON-320
URL: https://issues.apache.org/jira/browse/DAEMON-320
Project: Commons Daemon
Issue Type: Bug
Components: Jsvc
Affects Versions: 1.0.15
Environment: Linux with open JDK 7 and jsvc 1.0.8 (bug still exists in
1.0.15)
Reporter: Peter Spikings
Priority: Minor
The documentation states that Daemon.init might be called with super user
privileges on systems that support that concept but on Linux compiled with
libcap and -user specified it is called as that user with a few capabilities
set which are removed before start is called. This is based on my readon of
jsvc-unix.c which might be wrong.
This is fine if you want to bind to a socket but inadequate if you want to use
a capability which is not included. In my case I need CAP_NET_RAW (utilized by
JNI) but the way jsvc is implemented makes it impossible to do so unless I run
the daemon as root or recompile without libcap.
I suggest either adding a command line flag which makes it remain as root
during init or alternatively provide a way to specify additional capabilities
needed during the init call.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
