Updated PR as discussion in issue 468 , currently ony for testing

doc/INSTALL.md

@@ -68,8 +68,10 @@ After each run of ./configure, those changes are gone and the Makefile is recrea
 There are a couple of configuration options at the beginning of the Makefile: 
 
 * `# override undefine HAVE_LANDLOCK` if you uncomment this line, sslh will be compiled
-  without landlock. As an alternative ./configure creates a config.h file, 
+  without landlock. This works with gcc versions < 12. Otherwise, if your system has
-  which gives also the possibility, to comment that out.
+  linux/landlock.h in the include path, the configure script creates a _**config.h**_ file, 
+  which defines HAVE_LANDLOCK. It is not enough, to set this to 0, you must delete it, 
+  when you don't wish to have landlock in your binary.
   
 * `USELIBWRAP` compiles support for host access control (see `hosts_access(3)`),
   you will need `libwrap` headers and library to compile (`libwrap0-dev` in Debian).
@@ -82,6 +84,11 @@ There are a couple of configuration options at the beginning of the Makefile:
 
 * `USELIBBSD` compiles support for updating the process name (as shown by `ps`).
 
+* `USELIBCAP` compiles support for libcap, which allows to inherit capabilities to 
+  daughter-processes, which run as restricted users. You need this, when you wish to 
+  make sure, that the --user= parameter can be used, without setting capabilities etc.
+  to your binaries, to make this work.
+
 Now you can do either a plain `make` to create the binaries, or you can do an 
 `make install` to create the binaries and install them.
 

landlock.c

@@ -90,6 +90,9 @@ static int add_path_ro(int ruleset_fd, ll_obj_type otype, const char* path)
         return -1;
     }
 
+    // close helper handle
+    close(fd);
+
     return 0;
 }
 

sslh-main.c

@@ -288,14 +288,20 @@ int main(int argc, char *argv[], char* envp[])
    if (!cfg.foreground) {
        if (fork() > 0) exit(0); /* Detach */
        // close stdin, stderr, stdout
+       // closing stdin frees a filehandle, and 0 will not be reused, so no problem
+       // with control-jobs, trying to catch fd/0
+       close(fileno(stdin));
        int newfd;
-       if (newfd = open("/dev/null", O_RDWR)) {
+       // duplicating a handle connected to /dev/null to stdout and stderr
-         dup2 (newfd, STDIN_FILENO);
+       // so we don't run in any problems, when a control-job wor whats-o-ever will
+       // grab stdout and stderr
+       if ((newfd = open("/dev/null", O_RDWR))) {
          dup2 (newfd, STDOUT_FILENO);
          dup2 (newfd, STDERR_FILENO);
+         // close the helper handle, as this is now unnecessary
          close(newfd);
        } else {
-         print_message(msg_config, "Error closing standard filehandles for background daemon\n");
+         print_message(msg_system_error, "Error closing standard filehandles for background daemon\n");
        }
 
        /* New session -- become group leader */

sslh-select.c

@@ -210,7 +210,7 @@ void start_shoveler(int listen_socket) {
 }
 
 
-/* The actual main is in common.c: it's the same for both version of
+/* The actual main is in sslh-main.c: it's the same for all versions of
  * the server
  */