diff options
author | NIIBE Yutaka <gniibe@fsij.org> | 2022-06-01 10:19:10 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-06-01 10:19:10 +0900 |
commit | 43f51d0ec6b50a6317a6e67642bc87b9ddf45927 (patch) | |
tree | 9ce7681c9b5d8c3fa5b45d73d06b2f45d951ac52 /src/secmem.c | |
parent | a15cb31bf7338ab36562bea6d7ab6e8d776eadb5 (diff) | |
download | libgcrypt-43f51d0ec6b50a6317a6e67642bc87b9ddf45927.tar.gz |
secmem: Remove getting cap_ipc_lock by capabilities support.
* src/secmem.c (lock_pool_pages): Remove escalation of the capability.
--
With CAP_SETPCAP, it might make sense before Linux 2.6.24 when file
capabilityes were not supported. But not any more.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'src/secmem.c')
-rw-r--r-- | src/secmem.c | 43 |
1 files changed, 1 insertions, 42 deletions
diff --git a/src/secmem.c b/src/secmem.c index b66d66f9..72ec9f2e 100644 --- a/src/secmem.c +++ b/src/secmem.c @@ -289,48 +289,7 @@ print_warn (void) static void lock_pool_pages (void *p, size_t n) { -#if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK) - int err; - - { - cap_t cap; - - if (!no_priv_drop) - { - cap = cap_from_text ("cap_ipc_lock+ep"); - cap_set_proc (cap); - cap_free (cap); - } - err = no_mlock? 0 : mlock (p, n); - if (err && errno) - err = errno; - if (!no_priv_drop) - { - cap = cap_from_text ("cap_ipc_lock+p"); - cap_set_proc (cap); - cap_free(cap); - } - } - - if (err) - { - if (err != EPERM -#ifdef EAGAIN /* BSD and also Linux may return EAGAIN */ - && err != EAGAIN -#endif -#ifdef ENOSYS /* Some SCOs return this (function not implemented) */ - && err != ENOSYS -#endif -#ifdef ENOMEM /* Linux might return this. */ - && err != ENOMEM -#endif - ) - log_error ("can't lock memory: %s\n", strerror (err)); - show_warning = 1; - not_locked = 1; - } - -#elif defined(HAVE_MLOCK) +#if defined(HAVE_MLOCK) uid_t uid; int err; |