[Home]

Summary:ASTERISK-13152: [patch] restart gracefully drops cap_net_admin capability
Reporter:Joel N. Weber II (nemo)Labels:
Date Opened:2008-12-01 15:39:24.000-0600Date Closed:2009-01-29 17:52:24.000-0600
Priority:MinorRegression?No
Status:Closed/CompleteComponents:Core/General
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:( 0) 20090105__bug14004.diff.txt
Description:When running asterisk as non-root and setting IP TOS to a value that requires cap_net_admin or root privileges, ``restart gracefully'' or similar commands will cause observed tcpdump output to show the IP TOS value being set to 0 instead of the requested value.
Comments:By: Leif Madsen (lmadsen) 2009-01-05 13:15:22.000-0600

Does this work correctly on startup, but not on restart?
By: Leif Madsen (lmadsen) 2009-01-05 13:23:53.000-0600

It has also been requested which OS and distribution you are using.
By: Tilghman Lesher (tilghman) 2009-01-05 18:08:24.000-0600

Issue confirmed.  Please test this patch, long winded as it is.  The reason is that we needed to avoid forked processes from inheriting the extra capability.  That was the main reason why we made the capability non-inheritable in the first place, but as you pointed out, this made restarts lose the capability, as well.
By: Tilghman Lesher (tilghman) 2009-01-08 15:49:50.000-0600

Patch uploaded.  Testing and feedback would be desireable.
By: Tilghman Lesher (tilghman) 2009-01-15 12:51:55.000-0600

nemo: I really need you to test this patch and report back.
By: Digium Subversion (svnbot) 2009-01-29 16:53:42.000-0600

Repository: asterisk
Revision: 172438

U   branches/1.4/apps/app_dahdiras.c
U   branches/1.4/apps/app_externalivr.c
U   branches/1.4/apps/app_festival.c
U   branches/1.4/apps/app_ices.c
U   branches/1.4/apps/app_mp3.c
U   branches/1.4/apps/app_nbscat.c
U   branches/1.4/autoconf/ast_func_fork.m4
U   branches/1.4/build_tools/menuselect-deps.in
U   branches/1.4/configure
U   branches/1.4/main/asterisk.c
U   branches/1.4/res/res_agi.c
U   branches/1.4/res/res_musiconhold.c

------------------------------------------------------------------------
r172438 | tilghman | 2009-01-29 16:53:41 -0600 (Thu, 29 Jan 2009) | 9 lines

Lose the CAP_NET_ADMIN at every fork, instead of at startup.  Otherwise, if
Asterisk runs as a non-root user and the administrator does a 'restart now',
Asterisk loses the ability to set QOS on packets.
(closes issue ASTERISK-13152)
Reported by: nemo
Patches:
      20090105__bug14004.diff.txt uploaded by Corydon76 (license 14)
Tested by: Corydon76

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=172438
By: Digium Subversion (svnbot) 2009-01-29 17:14:51.000-0600

Repository: asterisk
Revision: 172441

_U  trunk/
U   trunk/apps/app_rpt.c
U   trunk/autoconf/ast_func_fork.m4
U   trunk/configure
U   trunk/main/app.c
U   trunk/main/asterisk.c

------------------------------------------------------------------------
r172441 | tilghman | 2009-01-29 17:14:51 -0600 (Thu, 29 Jan 2009) | 16 lines

Merged revisions 172438 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
 r172438 | tilghman | 2009-01-29 16:54:29 -0600 (Thu, 29 Jan 2009) | 9 lines
 
 Lose the CAP_NET_ADMIN at every fork, instead of at startup.  Otherwise, if
 Asterisk runs as a non-root user and the administrator does a 'restart now',
 Asterisk loses the ability to set QOS on packets.
 (closes issue ASTERISK-13152)
  Reported by: nemo
  Patches:
        20090105__bug14004.diff.txt uploaded by Corydon76 (license 14)
  Tested by: Corydon76
........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=172441
By: Digium Subversion (svnbot) 2009-01-29 17:46:22.000-0600

Repository: asterisk
Revision: 172503

_U  branches/1.6.0/
U   branches/1.6.0/apps/app_dahdiras.c
U   branches/1.6.0/apps/app_externalivr.c
U   branches/1.6.0/apps/app_festival.c
U   branches/1.6.0/apps/app_ices.c
U   branches/1.6.0/apps/app_mp3.c
U   branches/1.6.0/apps/app_nbscat.c
U   branches/1.6.0/autoconf/ast_func_fork.m4
U   branches/1.6.0/build_tools/menuselect-deps.in
U   branches/1.6.0/configure
U   branches/1.6.0/main/asterisk.c
U   branches/1.6.0/res/res_agi.c
U   branches/1.6.0/res/res_musiconhold.c

------------------------------------------------------------------------
r172503 | tilghman | 2009-01-29 17:46:22 -0600 (Thu, 29 Jan 2009) | 23 lines

Merged revisions 172441 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

................
 r172441 | tilghman | 2009-01-29 17:15:40 -0600 (Thu, 29 Jan 2009) | 16 lines
 
 Merged revisions 172438 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/branches/1.4
 
 ........
   r172438 | tilghman | 2009-01-29 16:54:29 -0600 (Thu, 29 Jan 2009) | 9 lines
   
   Lose the CAP_NET_ADMIN at every fork, instead of at startup.  Otherwise, if
   Asterisk runs as a non-root user and the administrator does a 'restart now',
   Asterisk loses the ability to set QOS on packets.
   (closes issue ASTERISK-13152)
    Reported by: nemo
    Patches:
          20090105__bug14004.diff.txt uploaded by Corydon76 (license 14)
    Tested by: Corydon76
 ........
................

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=172503
By: Digium Subversion (svnbot) 2009-01-29 17:52:24.000-0600

Repository: asterisk
Revision: 172504

_U  branches/1.6.1/
U   branches/1.6.1/apps/app_rpt.c
U   branches/1.6.1/autoconf/ast_func_fork.m4
U   branches/1.6.1/configure
U   branches/1.6.1/main/app.c
U   branches/1.6.1/main/asterisk.c

------------------------------------------------------------------------
r172504 | tilghman | 2009-01-29 17:52:23 -0600 (Thu, 29 Jan 2009) | 23 lines

Merged revisions 172441 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

................
 r172441 | tilghman | 2009-01-29 17:15:40 -0600 (Thu, 29 Jan 2009) | 16 lines
 
 Merged revisions 172438 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/branches/1.4
 
 ........
   r172438 | tilghman | 2009-01-29 16:54:29 -0600 (Thu, 29 Jan 2009) | 9 lines
   
   Lose the CAP_NET_ADMIN at every fork, instead of at startup.  Otherwise, if
   Asterisk runs as a non-root user and the administrator does a 'restart now',
   Asterisk loses the ability to set QOS on packets.
   (closes issue ASTERISK-13152)
    Reported by: nemo
    Patches:
          20090105__bug14004.diff.txt uploaded by Corydon76 (license 14)
    Tested by: Corydon76
 ........
................

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=172504