gnome-keyring/gnome-keyring-3.1.2-caps-warn-unavail.patch

51 lines
1.6 KiB
Diff
Raw Normal View History

2011-05-10 12:54:54 +00:00
From 156f6f318daa782cd209c90ed69a0d24595af5d1 Mon Sep 17 00:00:00 2001
From: Vincent Untz <vuntz@gnome.org>
Date: Fri, 6 May 2011 14:18:00 +0200
Subject: [PATCH] Accept to run if ipc_lock capability is not available
We print a warning about potential use of unsecure memory, but still
run (and drop unneeded capabilities if we have some). This is better
than nothing.
https://bugzilla.gnome.org/show_bug.cgi?id=649560
---
daemon/gkd-capability.c | 13 +++++++++++--
1 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/daemon/gkd-capability.c b/daemon/gkd-capability.c
index e15200a..92c000c 100644
--- a/daemon/gkd-capability.c
+++ b/daemon/gkd-capability.c
@@ -42,6 +42,12 @@ early_error (const char *err_string)
exit (1);
}
+static void
+early_warning (const char *warn_string)
+{
+ fprintf (stderr, "gnome-keyring-daemon: %s\n", warn_string);
+}
+
#endif /* HAVE_LIPCAPNG */
/*
@@ -74,11 +80,14 @@ gkd_capability_obtain_capability_and_drop_privileges (void)
early_error ("error getting process capabilities");
break;
case CAPNG_NONE:
- early_error ("insufficient process capabilities");
+ early_warning ("insufficient process capabilities, unsecure memory might get used");
break;
case CAPNG_PARTIAL: /* File system based capabilities */
if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_IPC_LOCK)) {
- early_error ("insufficient process capabilities");
+ early_warning ("insufficient process capabilities, unsecure memory might get used");
+ /* Drop all capabilities */
+ capng_clear (CAPNG_SELECT_BOTH);
+ capng_apply (CAPNG_SELECT_BOTH);
break;
}
--
1.7.4.2