diff options
author | Matthias Schiffer <mschiffer@universe-factory.net> | 2012-12-24 23:52:18 +0100 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2012-12-24 23:52:18 +0100 |
commit | 78440eab81959ec7a95effd579fd87b7c56dbe3d (patch) | |
tree | 23a962d528fa2ac50b7c4fba92c36a63df25b479 /src/config.y | |
parent | eaac49427339a365aac2d3505f567572cfbdbb96 (diff) | |
download | fastd-78440eab81959ec7a95effd579fd87b7c56dbe3d.tar fastd-78440eab81959ec7a95effd579fd87b7c56dbe3d.zip |
Add user switching and capability support
Diffstat (limited to 'src/config.y')
-rw-r--r-- | src/config.y | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/src/config.y b/src/config.y index d91dd61..5794124 100644 --- a/src/config.y +++ b/src/config.y @@ -100,7 +100,12 @@ %token TOK_CRYPTO %token TOK_USE %token TOK_DEFAULT +%token TOK_USER %token TOK_GROUP +%token TOK_DROP +%token TOK_CAPABILITIES +%token TOK_EARLY +%token TOK_LOCK %token TOK_LIMIT %token <addr4> TOK_ADDR4 @@ -129,6 +134,8 @@ %type <str> maybe_bind_interface %type <num> maybe_bind_default %type <num> bind_default +%type <num> drop_capabilities_enabled +%type <boolean> drop_capabilities_lock %% start: START_CONFIG config @@ -146,6 +153,9 @@ peer_group_config: ; statement: peer_group_statement + | TOK_USER user ';' + | TOK_GROUP group ';' + | TOK_DROP TOK_CAPABILITIES drop_capabilities ';' | TOK_LOG log ';' | TOK_INTERFACE interface ';' | TOK_BIND bind ';' @@ -169,6 +179,38 @@ peer_group_statement: | TOK_INCLUDE include ';' ; +user: TOK_STRING { + free(conf->user); + conf->user = strdup($1->str); + } + +group: TOK_STRING { + free(conf->group); + conf->group = strdup($1->str); + } + +drop_capabilities: + drop_capabilities_enabled drop_capabilities_lock { + conf->drop_caps = $1; + conf->lock_caps = $2; + } + +drop_capabilities_enabled: + TOK_EARLY { + $$ = DROP_CAPS_EARLY; + } + | boolean { + $$ = $1 ? DROP_CAPS_ON : DROP_CAPS_OFF; + } + +drop_capabilities_lock: + TOK_LOCK { + $$ = true; + } + | { + $$ = false; + } + log: TOK_LEVEL log_level { conf->log_stderr_level = $2; } |