[
https://issues.apache.org/jira/browse/DAEMON-320?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Peter Spikings updated DAEMON-320:
----------------------------------
Description:
The documentation states that Daemon.init might be called with super user
privileges on systems that support that concept but on Linux compiled with
libcap and -user specified it is called as that user with a few capabilities
set which are removed before start is called. This is based on my reading of
jsvc-unix.c which might be wrong.
This is fine if you want to bind to a socket but inadequate if you want to use
a capability which is not included. In my case I need CAP_NET_RAW (utilized by
JNI) but the way jsvc is implemented makes it impossible to do so unless I run
the daemon as root or recompile without libcap.
I suggest either adding a command line flag which makes it remain as root
during init or alternatively provide a way to specify additional capabilities
needed during the init call.
was:
The documentation states that Daemon.init might be called with super user
privileges on systems that support that concept but on Linux compiled with
libcap and -user specified it is called as that user with a few capabilities
set which are removed before start is called. This is based on my readon of
jsvc-unix.c which might be wrong.
This is fine if you want to bind to a socket but inadequate if you want to use
a capability which is not included. In my case I need CAP_NET_RAW (utilized by
JNI) but the way jsvc is implemented makes it impossible to do so unless I run
the daemon as root or recompile without libcap.
I suggest either adding a command line flag which makes it remain as root
during init or alternatively provide a way to specify additional capabilities
needed during the init call.
> Can't bind raw sockets in Daemon init method
> --------------------------------------------
>
> Key: DAEMON-320
> URL: https://issues.apache.org/jira/browse/DAEMON-320
> Project: Commons Daemon
> Issue Type: Bug
> Components: Jsvc
> Affects Versions: 1.0.15
> Environment: Linux with open JDK 7 and jsvc 1.0.8 (bug still exists
> in 1.0.15)
> Reporter: Peter Spikings
> Priority: Minor
>
> The documentation states that Daemon.init might be called with super user
> privileges on systems that support that concept but on Linux compiled with
> libcap and -user specified it is called as that user with a few capabilities
> set which are removed before start is called. This is based on my reading of
> jsvc-unix.c which might be wrong.
> This is fine if you want to bind to a socket but inadequate if you want to
> use a capability which is not included. In my case I need CAP_NET_RAW
> (utilized by JNI) but the way jsvc is implemented makes it impossible to do
> so unless I run the daemon as root or recompile without libcap.
> I suggest either adding a command line flag which makes it remain as root
> during init or alternatively provide a way to specify additional capabilities
> needed during the init call.
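A diagnostic for the situation in the report above, added here as an example (it is not code from jsvc or from the reporter): a C routine, usable from the same JNI library, that reads the effective capability mask in the /proc/<pid>/status format and reports whether CAP_NET_RAW is present alongside CAP_NET_BIND_SERVICE. The function names and the sample status text are constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>. */
#define CAP_NET_BIND_SERVICE_BIT 10
#define CAP_NET_RAW_BIT          13

/* Constructed sample, not captured from jsvc: only bit 10 is effective. */
static const char SAMPLE_STATUS[] =
    "Name:\tdaemon\nCapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n";

/* Find the CapEff line in /proc/<pid>/status text and parse its hex mask.
 * Returns 0 on success, -1 if the field is missing or malformed. */
int parse_cap_eff(const char *status, uint64_t *mask)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *q = p + 7;
            while (*q == ' ' || *q == '\t') q++;
            if (!isxdigit((unsigned char)*q)) return -1;
            *mask = strtoull(q, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* 1 if the capability bit is effective, 0 if not, -1 if CapEff is unreadable. */
int status_has_cap(const char *status, int bit)
{
    uint64_t mask;
    if (parse_cap_eff(status, &mask) != 0) return -1;
    return (int)((mask >> bit) & 1);
}

int main(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    const char *src = n ? buf : SAMPLE_STATUS;   /* fall back to the sample */
    printf("CAP_NET_BIND_SERVICE: %d\n", status_has_cap(src, CAP_NET_BIND_SERVICE_BIT));
    printf("CAP_NET_RAW:          %d\n", status_has_cap(src, CAP_NET_RAW_BIT));
    return 0;
}
```

Calling status_has_cap on the process's own status text from the native code invoked in init shows directly whether the raw-socket capability was retained at that point.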