Read capabilities file before the .conf file

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2015-08-27 11:26:26 -07:00
parent 377e2037ca
commit be81ace811


@ -5031,13 +5031,10 @@ sub read_capabilities() {
} }
# #
# Get the system's capabilities, either by probing or by reading a capabilities file # Get the system's capabilities by probing
# #
sub get_capabilities($) sub get_capabilities($)
{ {
my $export = $_[0];
if ( ! $export && $> == 0 ) { # $> == $EUID
$iptables = $config{$toolNAME}; $iptables = $config{$toolNAME};
if ( $iptables ) { if ( $iptables ) {
@ -5068,19 +5065,7 @@ sub get_capabilities( $ )
load_kernel_modules; load_kernel_modules;
if ( open_file 'capabilities' ) { determine_capabilities unless $_[0];
read_capabilities;
} else {
determine_capabilities;
}
} else {
unless ( open_file 'capabilities' ) {
fatal_error "The -e compiler option requires a capabilities file" if $export;
fatal_error "Compiling under non-root uid requires a capabilities file";
}
read_capabilities;
}
} }
# #
@ -5401,6 +5386,28 @@ sub get_configuration( $$$$$ ) {
$ENV{PATH} = $default_path; $ENV{PATH} = $default_path;
} }
my $have_capabilities;
if ( $export || $> != 0 ) {
#
# Compiling for export or user not root -- must use a capabilties file
# We read it before processing the .conf file so that 'update' has
# the capabilities.
#
unless ( open_file 'capabilities' ) {
fatal_error "The -e compiler option requires a capabilities file" if $export;
fatal_error "Compiling under non-root uid requires a capabilities file";
}
read_capabilities;
$have_capabilities = 1;
} elsif ( open_file 'capabilities' ) {
read_capabilities;
$have_capabilities = 1;
}
get_params( $export ); get_params( $export );
process_shorewall_conf( $update, $annotate, $directives ); process_shorewall_conf( $update, $annotate, $directives );
@ -5417,7 +5424,9 @@ sub get_configuration( $$$$$ ) {
default 'MODULE_PREFIX', 'ko ko.gz o o.gz gz'; default 'MODULE_PREFIX', 'ko ko.gz o o.gz gz';
default_yes_no 'LOAD_HELPERS_ONLY' , 'Yes'; default_yes_no 'LOAD_HELPERS_ONLY' , 'Yes';
get_capabilities( $export ); if ( ! $export && $> == 0 ) {
get_capabilities($have_capabilities);
}
my ( $val, $all ); my ( $val, $all );
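Review bot: In the new `get_capabilities`, the argument now means "a capabilities file was already read" rather than `$export`, yet it is consumed as a bare `$_[0]` in `determine_capabilities unless $_[0];`, and the header comment says "by probing" although probing is skipped when the argument is true. Naming it with `my $have_capabilities = $_[0];` and a header such as `# Locate the iptables tool, load kernel modules, and probe capabilities unless a capabilities file was already read` would keep the contract readable; part of the sub's body lies outside the visible hunks. In `get_configuration` the file is now opened before `process_shorewall_conf`, so if `open_file` resolves 'capabilities' through a search path that the .conf file can set (not visible here), a different file may be picked up than before. That is worth confirming, because this file stands in for probing the running system. The new comment also misspells "capabilties".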