With --enable-capng ofono would drop privileges:
#ifdef HAVE_CAPNG
/* Drop capabilities */
capng_clear(CAPNG_SELECT_BOTH);
capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
CAP_NET_BIND_SERVICE, CAP_NET_ADMIN,
CAP_NET_RAW, CAP_SYS_ADMIN, -1);
capng_apply(CAPNG_SELECT_BOTH);
#endif
Is that enough?
ofono would then need to build depend on libcap-ng-dev, but it's in main
already AFAICS.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/688286
Title:
[MIR] ofono
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
