"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/firewalld.in" between
firewalld-1.0.1.tar.gz and firewalld-1.0.2.tar.gz

About: firewalld provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces.

firewalld.in  (firewalld-1.0.1):firewalld.in  (firewalld-1.0.2)
skipping to change at line 143 skipping to change at line 143
if not os.path.exists(config.FIREWALLD_TEMPDIR): if not os.path.exists(config.FIREWALLD_TEMPDIR):
os.mkdir(config.FIREWALLD_TEMPDIR, 0o750) os.mkdir(config.FIREWALLD_TEMPDIR, 0o750)
# attempt to drop Linux capabilities to a minimal set: # attempt to drop Linux capabilities to a minimal set:
# - CAP_NET_ADMIN # - CAP_NET_ADMIN
# - CAP_NET_RAW # - CAP_NET_RAW
# - CAP_SYS_MODULE # - CAP_SYS_MODULE
try: try:
import capng import capng
capng.capng_clear(capng.CAPNG_SELECT_BOTH) capng.capng_clear(capng.CAPNG_SELECT_BOTH)
capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE | capng.CA if capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE | capng
PNG_PERMITTED | capng.CAPNG_BOUNDING_SET, .CAPNG_PERMITTED | capng.CAPNG_BOUNDING_SET,
capng.CAP_NET_ADMIN) capng.CAP_NET_ADMIN) or \
capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE | capng.CA capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE | capng
PNG_PERMITTED | capng.CAPNG_BOUNDING_SET, .CAPNG_PERMITTED | capng.CAPNG_BOUNDING_SET,
capng.CAP_NET_RAW) capng.CAP_NET_RAW) or \
capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE | capng.CA capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE | capng
PNG_PERMITTED | capng.CAPNG_BOUNDING_SET, .CAPNG_PERMITTED | capng.CAPNG_BOUNDING_SET,
capng.CAP_SYS_MODULE) capng.CAP_SYS_MODULE) or \
capng.capng_apply(capng.CAPNG_SELECT_BOTH) capng.capng_apply(capng.CAPNG_SELECT_BOTH):
log.info(log.INFO1, "Dropped Linux capabilities to NET_ADMIN, NET_RA log.info(log.INFO1, "libcap-ng failed to drop Linux capabilities
W, SYS_MODULE.") .")
else:
log.info(log.INFO1, "Dropped Linux capabilities to NET_ADMIN, NE
T_RAW, SYS_MODULE.")
except ImportError: except ImportError:
pass pass
if args.system_config: if args.system_config:
config.set_system_config_paths(args.system_config) config.set_system_config_paths(args.system_config)
if args.default_config: if args.default_config:
config.set_default_config_paths(args.default_config) config.set_default_config_paths(args.default_config)
# Start the server mainloop here # Start the server mainloop here
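Review bot: The new failure branch reports a fail-open condition only at `log.info(log.INFO1, ...)`. When any `capng_update()` or `capng_apply()` call returns non-zero, the daemon keeps running with whatever capabilities it started with, and the info-level message is probably suppressed unless verbose logging is enabled (the logging setup is outside this hunk, so confirm). Raising it to `log.warning("libcap-ng failed to drop Linux capabilities.")` would make a daemon that still holds its full capability set visible in default logs. The unchanged `except ImportError: pass` has the same gap when the libcap-ng Python bindings are missing; a line such as `log.warning("libcap-ng not available, Linux capabilities not dropped.")` would let operators tell the two cases apart. The enclosing function starts and ends outside the visible lines.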
 End of changes. 1 change blocks. 
12 lines changed or deleted 15 lines changed or added
