extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-23 08:03:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Read capabilities file before the .conf file

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-08-27 11:26:26 -07:00
parent dc2406d25b
commit af1e2f6c8b
1 changed files with 55 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
Shorewall/Perl/Shorewall/Config.pm
View File

@ -5084,13 +5084,10 @@ sub read_capabilities() {
}
#
# Get the system's capabilities, either by probing or by reading a capabilities file
# Get the system's capabilities by probing
#
sub get_capabilities( $ )
sub get_capabilities($)
{
my $export = $_[0];
if ( ! $export && $> == 0 ) { # $> == $EUID
$iptables = $config{$toolNAME};
if ( $iptables ) {
@ -5121,19 +5118,7 @@ sub get_capabilities( $ )
load_kernel_modules;
if ( open_file 'capabilities' ) {
read_capabilities;
} else {
determine_capabilities;
}
} else {
unless ( open_file 'capabilities' ) {
fatal_error "The -e compiler option requires a capabilities file" if $export;
fatal_error "Compiling under non-root uid requires a capabilities file";
}
read_capabilities;
}
determine_capabilities unless $_[0];
}
#
@ -5454,6 +5439,28 @@ sub get_configuration( $$$$$ ) {
$ENV{PATH} = $default_path;
}
my $have_capabilities;
if ( $export || $> != 0 ) {
#
# Compiling for export or user not root -- must use a capabilties file
# We read it before processing the .conf file so that 'update' has
# the capabilities.
#
unless ( open_file 'capabilities' ) {
fatal_error "The -e compiler option requires a capabilities file" if $export;
fatal_error "Compiling under non-root uid requires a capabilities file";
}
read_capabilities;
$have_capabilities = 1;
} elsif ( open_file 'capabilities' ) {
read_capabilities;
$have_capabilities = 1;
}
get_params( $export );
process_shorewall_conf( $update, $annotate, $directives );
@ -5470,7 +5477,9 @@ sub get_configuration( $$$$$ ) {
default 'MODULE_PREFIX', 'ko ko.gz o o.gz gz';
default_yes_no 'LOAD_HELPERS_ONLY' , 'Yes';
get_capabilities( $export );
if ( ! $export && $> == 0 ) {
get_capabilities($have_capabilities);
}
my ( $val, $all );