Uploaded image for project: 'Commons Daemon'
  1. Commons Daemon
  2. DAEMON-320

Can't bind raw sockets in Daemon init method

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 1.0.15
    • None
    • Jsvc
    • None
    • Linux with open JDK 7 and jsvc 1.0.8 (bug still exists in 1.0.15)

    Description

      The documentation states that Daemon.init might be called with super user privileges on systems that support that concept but on Linux compiled with libcap and -user specified it is called as that user with a few capabilities set which are removed before start is called. This is based on my reading of jsvc-unix.c which might be wrong.

      This is fine if you want to bind to a socket but inadequate if you want to use a capability which is not included. In my case I need CAP_NET_RAW (utilized by JNI) but the way jsvc is implemented makes it impossible to do so unless I run the daemon as root or recompile without libcap.

      I suggest either adding a command line flag which makes it remain as root during init or alternatively provide a way to specify additional capabilities needed during the init call.

      Attachments

        Activity

          People

            Unassigned Unassigned
            peter_spikings Peter Spikings
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: