1 Patch to make flashpolicyd to run as user nobody/nobody with --user nobody
5 Signed-off-by: Elan Ruusamäe <glen@delfi.ee>
7 --- flashpolicyd-2.1/flashpolicyd.rb 2009-10-08 00:11:42.000000000 +0300
8 +++ flashpolicyd-2.1/flashpolicyd~ 2010-02-09 19:34:24.850284233 +0200
10 [ '--verbose', '-v', GetoptLong::NO_ARGUMENT],
11 [ '--timeout', '-t', GetoptLong::OPTIONAL_ARGUMENT],
12 [ '--logfreq', '-l', GetoptLong::OPTIONAL_ARGUMENT],
13 + [ '--user', '-u', GetoptLong::OPTIONAL_ARGUMENT],
14 [ '--logfile', GetoptLong::REQUIRED_ARGUMENT],
15 [ '--help', '-h', GetoptLong::NO_ARGUMENT]
23 opts.each { |opt, arg|
35 server = PolicyServer.new(843, "0.0.0.0", @xmldata, @logger, @timeout, @verbose)
38 + # change user after binding to port
39 + if (user.length > 0)
41 + uid = Etc.getpwnam(user).uid
42 + gid = Etc.getpwnam(user).gid
43 + # Change process ownership
44 + Process.initgroups(user, gid)
45 + Process::GID.change_privilege(gid)
46 + Process::UID.change_privilege(uid)
49 # Send HUP to toggle debug mode or not for a running server