the following patch fixes the chroot problem. it retains cap_sys_chroot
for a few lines longer in the code -- note there is a subsequent call
already in the code which removes all capabilities except cap_sys_time.
-dean
--- ntp-4.2.0a+stable/ntpd/ntpd.c.orig 2005-06-29 14:01:31.000000000 -0700
+++ ntp-4.2.0a+stable/ntpd/ntpd.c 2005-06-29 14:06:12.000000000 -0700
@@ -848,7 +848,7 @@
* drop privileges in this case.
*/
cap_t caps;
- if( ! ( caps = cap_from_text(
"cap_sys_time,cap_setuid,cap_setgid=pe" ) ) ) {
+ if( ! ( caps = cap_from_text(
"cap_sys_time,cap_setuid,cap_setgid,cap_sys_chroot=pe" ) ) ) {
msyslog( LOG_ERR, "cap_from_text() failed: %m" );
exit(-1);
}
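Review bot: In the cap_from_text() string, cap_sys_chroot is now kept in the permitted and effective sets together with cap_setuid and cap_setgid, but nothing in this hunk shows where it is given up again; the message relies on a later call that leaves only cap_sys_time. Please confirm that the later drop is reached on every path, including runs where no chroot is requested, so that cap_sys_chroot never outlives the chroot step. The comment above the call ("drop privileges in this case") should also be extended to say why cap_sys_chroot is retained at this point and where it is removed.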