diff --git a/man/start-stop-daemon.8 b/man/start-stop-daemon.8
index 990e9097..aedbd0cb 100644
--- a/man/start-stop-daemon.8
+++ b/man/start-stop-daemon.8
@@ -164,6 +164,10 @@ log it or send it to another location.
 .It Fl -capabilities Ar cap-list
 Start the daemon with the listed inheritable, ambient and bounding capabilities.
 The format is the same as in cap_iab(3).
+.It Fl -secbits Ar sec-bits
+Set the security-bits for the program.
+The numeric value of the security-bits can be found in header file.
+The format is the same as in strtoul(3).
 .It Fl w , -wait Ar milliseconds
 Wait
 .Ar milliseconds
diff --git a/man/supervise-daemon.8 b/man/supervise-daemon.8
index 9ff6ff66..799a791a 100644
--- a/man/supervise-daemon.8
+++ b/man/supervise-daemon.8
@@ -161,6 +161,10 @@ but with the standard error output.
 .It Fl -capabilities Ar cap-list
 Start the daemon with the listed inheritable, ambient and bounding capabilities.
 The format is the same as in cap_iab(3).
+.It Fl -secbits Ar sec-bits
+Set the security-bits for the program.
+The numeric value of the security-bits can be found in header file.
+The format is the same as in strtoul(3).
 .El
 .Sh ENVIRONMENT
 .Va SSD_IONICELEVEL
diff --git a/sh/start-stop-daemon.sh b/sh/start-stop-daemon.sh
index 02a7cd84..bbb4da37 100644
--- a/sh/start-stop-daemon.sh
+++ b/sh/start-stop-daemon.sh
@@ -54,6 +54,7 @@ ssd_start()
 ${output_logger_arg} \
 ${error_logger_arg} \
 ${capabilities+--capabilities} "$capabilities" \
+ ${secbits:+--secbits} "$secbits" \
 ${procname:+--name} $procname \
 ${pidfile:+--pidfile} $pidfile \
 ${command_user+--user} $command_user \
diff --git a/sh/supervise-daemon.sh b/sh/supervise-daemon.sh
index be4c9d71..39fe5727 100644
--- a/sh/supervise-daemon.sh
+++ b/sh/supervise-daemon.sh
@@ -37,6 +37,7 @@ supervise_start()
 ${healthcheck_delay:+--healthcheck-delay} $healthcheck_delay \
 ${healthcheck_timer:+--healthcheck-timer} $healthcheck_timer \
 ${capabilities+--capabilities} "$capabilities" \
+ ${secbits:+--secbits} "$secbits" \
 ${command_user+--user} $command_user \
 ${umask+--umask} $umask \
 ${supervise_daemon_args:-${start_stop_daemon_args}} \
diff --git a/src/rc/start-stop-daemon.c b/src/rc/start-stop-daemon.c
index 4d89b0b6..e1a520f5 100644
--- a/src/rc/start-stop-daemon.c
+++ b/src/rc/start-stop-daemon.c
@@ -74,6 +74,7 @@ const char getoptstring[] = "I:KN:PR:Sa:bc:d:e:g:ik:mn:op:s:tu:r:w:x:1:2:3:4:" \
 getoptstring_COMMON;
 const struct option longopts[] = {
 { "capabilities", 1, NULL, 0x100},
+ { "secbits", 1, NULL, 0x101},
 { "ionice", 1, NULL, 'I'},
 { "stop", 0, NULL, 'K'},
 { "nicelevel", 1, NULL, 'N'},
@@ -107,6 +108,7 @@ const struct option longopts[] = {
 };
 const char * const longopts_help[] = {
 "Set the inheritable, ambient and bounding capabilities",
+ "Set the security-bits for the program",
 "Set an ionice class:data when starting",
 "Stop daemon",
 "Set a nicelevel when starting",
@@ -315,6 +317,7 @@ int main(int argc, char **argv)
 unsigned int start_wait = 0;
 #ifdef HAVE_CAP
 cap_iab_t cap_iab = NULL;
+ unsigned secbits = 0;
 #endif
 applet = basename_c(argv[0]);
@@ -372,6 +375,21 @@ int main(int argc, char **argv)
 #endif
 break;
+ case 0x101:
+#ifdef HAVE_CAP
+ if (*optarg == '\0')
+ eerrorx("Secbits are empty");
+
+ tmp = NULL;
+ secbits = strtoul(optarg, &tmp, 0);
+ if (*tmp != '\0')
+ eerrorx("Could not parse secbits: invalid char %c", *tmp);
+#else
+ eerrorx("Capabilities support not enabled");
+#endif
+ break;
+
+
 case 'I': /* --ionice */
 if (sscanf(optarg, "%d:%d", &ionicec, &ioniced) == 0)
 eerrorx("%s: invalid ionice `%s'",
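Review bot: In the new `case 0x101:` the `unsigned long` returned by `strtoul()` is assigned straight to `unsigned secbits` with no range check, so on LP64 targets a value above `UINT_MAX` is silently truncated, and an overflowing input (`ERANGE`) or a leading `-` is accepted as a wrapped value. The mask later handed to `cap_set_secbits()` can therefore differ from what the administrator wrote. Parse into a local `unsigned long val` after `errno = 0;` and reject with `if (errno == ERANGE || val > UINT_MAX) eerrorx("Secbits out of range: %s", optarg);` before assigning; a check that `optarg` starts with a digit would also close the sign case. The same parsing block is added to `main()` in src/rc/supervise-daemon.c, and the `switch` this case belongs to starts and ends outside the hunk.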
@@ -890,6 +908,11 @@ int main(int argc, char **argv)
 if (i != 0)
 eerrorx("Could not set iab: %s", strerror(errno));
 }
+
+ if (secbits != 0) {
+ if (cap_set_secbits(secbits) < 0)
+ eerrorx("Could not set securebits to 0x%x: %s", secbits, strerror(errno));
+ }
 #endif
 #ifdef TIOCNOTTY
diff --git a/src/rc/supervise-daemon.c b/src/rc/supervise-daemon.c
index 135fc902..5c5c01fc 100644
--- a/src/rc/supervise-daemon.c
+++ b/src/rc/supervise-daemon.c
@@ -78,6 +78,7 @@ const struct option longopts[] = {
 { "healthcheck-timer", 1, NULL, 'a'},
 { "healthcheck-delay", 1, NULL, 'A'},
 { "capabilities", 1, NULL, 0x100},
+ { "secbits", 1, NULL, 0x101},
 { "respawn-delay", 1, NULL, 'D'},
 { "chdir", 1, NULL, 'd'},
 { "env", 1, NULL, 'e'},
@@ -104,6 +105,7 @@ const char * const longopts_help[] = {
 "set an initial health check delay",
 "set a health check timer",
 "Set the inheritable, ambient and bounding capabilities",
+ "Set the security-bits for the program",
 "Set a respawn delay",
 "Change the PWD",
 "Set an environment string",
@@ -160,6 +162,7 @@ static char *svcname = NULL;
 static bool verbose = false;
 #ifdef HAVE_CAP
 static cap_iab_t cap_iab = NULL;
+static unsigned secbits = 0;
 #endif
 extern char **environ;
@@ -427,6 +430,11 @@ static void child_process(char *exec, char **argv)
 if (i != 0)
 eerrorx("Could not set iab: %s", strerror(errno));
 }
+
+ if (secbits != 0) {
+ if (cap_set_secbits(secbits) < 0)
+ eerrorx("Could not set securebits to 0x%x: %s", secbits, strerror(errno));
+ }
 #endif
 /* remove the controlling tty */
@@ -832,6 +840,20 @@ int main(int argc, char **argv)
 #endif
 break;
+ case 0x101:
+#ifdef HAVE_CAP
+ if (*optarg == '\0')
+ eerrorx("Secbits are empty");
+
+ tmp = NULL;
+ secbits = strtoul(optarg, &tmp, 0);
+ if (*tmp != '\0')
+ eerrorx("Could not parse secbits: invalid char %c", *tmp);
+#else
+ eerrorx("Capabilities support not enabled");
+#endif
+ break;
+
 case 'D': /* --respawn-delay time */
 n = sscanf(optarg, "%d", &respawn_delay);
 if (n != 1 || respawn_delay < 1)
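Review bot: The guard `if (secbits != 0)` in `main()` uses 0 both for "option not given" and for an explicit `--secbits 0`, so a request to start the daemon with all securebits cleared is skipped without a message and the process keeps whatever bits it inherited. A separate flag set by the option parser (for example `bool secbits_set`) would let `cap_set_secbits()` run for 0 as well; otherwise the option text should say that 0 means "leave unchanged". `cap_set_secbits()` also needs CAP_SETPCAP, and whether the process still holds it at this point depends on privilege-dropping code outside the hunk, so a comment such as `/* must run while CAP_SETPCAP is still effective */` would protect the ordering. The same block is added to `child_process()` in src/rc/supervise-daemon.c.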