X-Git-Url: http://git.madism.org/?p=apps%2Fpfixtools.git;a=blobdiff_plain;f=postlicyd%2Fmain-postlicyd.c;h=60ecb3a765979ddf4516893ac5d4bc9e89fc7274;hp=cae2d236dc8b9de5d91143af242ff011ec14872c;hb=44d04c83a53af19faecb1620cf0f9ed53054da5c;hpb=7723ba1a23042c5bd6a920feabd93d3d373c9d55

diff --git a/postlicyd/main-postlicyd.c b/postlicyd/main-postlicyd.c
index cae2d23..60ecb3a 100644
--- a/postlicyd/main-postlicyd.c
+++ b/postlicyd/main-postlicyd.c
@@ -183,6 +183,11 @@ int main(int argc, char *argv[])
         return EXIT_FAILURE;
     }
 
+    if (drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0) {
+        syslog(LOG_CRIT, "unable to drop privileges");
+        return EXIT_FAILURE;
+    }
+
     config_t *config = config_read(argv[optind]);
     if (config == NULL) {
         return EXIT_FAILURE;
@@ -191,13 +196,11 @@ int main(int argc, char *argv[])
         config->port = port;
     }
 
-    if (common_setup(pidfile, false, RUNAS_USER, RUNAS_GROUP,
-                     daemonize) != EXIT_SUCCESS
+    if (common_setup(pidfile, true, NULL, NULL, daemonize) != EXIT_SUCCESS
         || start_listener(config->port) < 0) {
         config_delete(&config);
         return EXIT_FAILURE;
-    }
-    {
+    } else {
         int res = server_loop(query_starter, (delete_client_t)query_delete,
                               policy_run, config_refresh, config);
         config_delete(&config);