1 files changed, 10 insertions, 4 deletions

diff --git a/src/charon/charon.c b/src/charon/charon.c
index f23717034..180486746 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -204,7 +204,7 @@ static bool check_pidfile()
 			}
 			fclose(pidfile);
 			pidfile = NULL;
-			if (pid && kill(pid, 0) == 0)
+			if (pid && pid != getpid() && kill(pid, 0) == 0)
 			{
 				DBG1(DBG_DMN, "charon already running ('"PID_FILE"' exists)");
 				return TRUE;
@@ -231,9 +231,15 @@ static bool check_pidfile()
 			DBG1(DBG_LIB, "setting FD_CLOEXEC for '"PID_FILE"' failed: %s",
 				 strerror(errno));
 		}
-		ignore_result(fchown(fd,
-							 lib->caps->get_uid(lib->caps),
-							 lib->caps->get_gid(lib->caps)));
+		/* Only fchown() the pidfile if we have CAP_CHOWN. Otherwise,
+		 * directory permissions should allow pidfile to be accessed
+		 * by the UID/GID under which the charon daemon will run. */
+		if (lib->caps->check(lib->caps, CAP_CHOWN))
+		{
+			ignore_result(fchown(fd,
+								 lib->caps->get_uid(lib->caps),
+								 lib->caps->get_gid(lib->caps)));
+		}
 		fprintf(pidfile, "%d\n", getpid());
 		fflush(pidfile);
 		return FALSE;