Details
- Bug
- Status: Open
- Minor
- Resolution: Unresolved
- 1.0.15
- None
- None
- Linux with open JDK 7 and jsvc 1.0.8 (bug still exists in 1.0.15)
Description
The documentation states that Daemon.init might be called with super user privileges on systems that support that concept, but on Linux, when compiled with libcap and with -user specified, it is called as that user with a few capabilities set, which are removed before start is called. This is based on my reading of jsvc-unix.c, which might be wrong.
This is fine if you want to bind to a socket but inadequate if you want to use a capability which is not included. In my case I need CAP_NET_RAW (utilized by JNI) but the way jsvc is implemented makes it impossible to do so unless I run the daemon as root or recompile without libcap.
I suggest either adding a command line flag which makes it remain as root during init or alternatively providing a way to specify additional capabilities needed during the init call.