sys_netbsd: use privileged helper for socket binding

When dropping root privileges, start the helper to allow binding of server sockets later.
2025-12-03 17:35:06 -05:00 · 2015-12-08 17:19:33 +01:00
parent fedc605956
commit 46f0ad6b53
2 changed files with 4 additions and 0 deletions
--- a/1
+++ b/1
@@ -614,6 +614,7 @@ if [ $feat_droproot = "1" ] && [ $try_clockctl = "1" ] && \
  test_code '<sys/clockctl.h>' 'sys/clockctl.h' '' '' ''
 then
  add_def FEAT_PRIVDROP
+  priv_ops="BINDSOCKET"
 fi

 if [ $feat_scfilter = "1" ] && [ $try_seccomp = "1" ] && \
--- a/sys_netbsd.c
+++ b/sys_netbsd.c
@@ -33,6 +33,7 @@
 #include "sys_netbsd.h"
 #include "sys_timex.h"
 #include "logging.h"
+#include "privops.h"
 #include "util.h"

 /* Maximum frequency offset accepted by the kernel (in ppm) */
@@ -124,6 +125,8 @@ SYS_NetBSD_DropRoot(uid_t uid, gid_t gid)
 {
  int fd;

+  PRV_StartHelper();
+
  if (setgroups(0, NULL))
    LOG_FATAL(LOGF_SysNetBSD, "setgroups() failed : %s", strerror(errno));