authorRobert Mustacchi <rm@joyent.com>2015-03-05 00:42:24 +0000
committerRobert Mustacchi <rm@joyent.com>2015-03-05 00:43:19 +0000
commitef1c67b096efa631eb0a6d518100ec06e027f7f3 (patch)
tree77e3eed2ddb2d14f23610c89e2526c774162b9e1
parenta8830a150c2ff2d889cf3f400326104a514cd6e9 (diff)
downloadillumos-joyent-ef1c67b096efa631eb0a6d518100ec06e027f7f3.tar.gz
OS-3994 varpd loses PRIV_DL_CONFIG
-rw-r--r--usr/src/cmd/varpd/varpd.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/usr/src/cmd/varpd/varpd.c b/usr/src/cmd/varpd/varpd.c
index 02e46b4277..fd1dfaa5c8 100644
--- a/usr/src/cmd/varpd/varpd.c
+++ b/usr/src/cmd/varpd/varpd.c
@@ -279,10 +279,13 @@ varpd_daemonize(int dirfd)
* Remove privs from the permitted set. That will cause them to be
* removed from the effective set. We want to make sure that in the case
* of a vulnerability, something can't get back in here and wreak more
- * havoc.
+ * havoc. But if we want non-basic privs in the effective set, we have
+ * to request them explicitly.
*/
if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) == -1)
abort();
+ if (setppriv(PRIV_SET, PRIV_EFFECTIVE, pset) == -1)
+ abort();
priv_freeset(pset);
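Review bot: The two `setppriv()` calls visible here narrow only the permitted and effective sets, so the comment's goal of limiting what a compromised varpd can do also depends on the inheritable and limit sets, which this hunk does not touch. The body of `varpd_daemonize` starts and ends outside the hunk, so this may already be handled elsewhere; if it is not, a program exec'd from the daemon would presumably not be bound by the reduction made here. Consider adding `if (setppriv(PRIV_SET, PRIV_INHERITABLE, pset) == -1) abort();` next to the new call, or emptying that set if varpd never execs helpers. The comment could also name the privilege at stake, which going by the commit title is presumably `PRIV_DL_CONFIG`, for example `PRIV_DL_CONFIG is not a basic privilege, so it has to be put back into the effective set explicitly.`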