main: open cmdmon and NTP internet sockets before dropping root

Call the CAM, NIO, NCR initialization functions and setup the access restrictions before root is dropped. This will be needed on NetBSD, where it's not possible to bind sockets to privileged ports without the root privileges. Split the creation of the Unix domain command socket from the CAM initialization to keep the chrony user as the owner of the socket.
2025-12-05 05:15:06 -05:00 · 2015-08-24 17:15:31 +02:00
parent c0867b58f5
commit 8854c00d48
3 changed files with 23 additions and 11 deletions
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -267,10 +267,7 @@ CAM_Initialise(int family)
    assert(command_length == 0 || command_length >= offsetof(CMD_Reply, data));
  }

-  if (CNF_GetBindCommandPath()[0])
-    sock_fdu = prepare_socket(AF_UNIX, 0);
-  else
-    sock_fdu = -1;
+  sock_fdu = -1;

  port_number = CNF_GetCommandPort();

@@ -328,6 +325,17 @@ CAM_Finalise(void)

 /* ================================================== */

+void
+CAM_OpenUnixSocket(void)
+{
+  /* This is separated from CAM_Initialise() as it needs to be called when
+     the process has already dropped the root privileges */
+  if (CNF_GetBindCommandPath()[0])
+    sock_fdu = prepare_socket(AF_UNIX, 0);
+}
+
+/* ================================================== */
+
 static void
 transmit_reply(CMD_Reply *msg, union sockaddr_all *where_to)
 {