Two additional places need an initgroups call to work properly in an
environment where the UID is allowed to open/create stuff through its
supplementary groups.
---
src/storage/storage_backend.c | 15 ++-------------
src/util/util.c | 22 ++--------------------
2 files changed, 4 insertions(+), 33 deletions(-)
diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index f90425a..a209f88 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -535,20 +535,9 @@ static int virStorageBuildSetUIDHook(void *data) {
if (tmp->skip)
return 0;
- if ((vol->target.perms.gid != -1)
- && (setgid(vol->target.perms.gid) != 0)) {
- virReportSystemError(errno,
- _("Cannot set gid to %u before creating %s"),
- vol->target.perms.gid, vol->target.path);
- return -1;
- }
- if ((vol->target.perms.uid != -1)
- && (setuid(vol->target.perms.uid) != 0)) {
- virReportSystemError(errno,
- _("Cannot set uid to %u before creating %s"),
- vol->target.perms.uid, vol->target.path);
+ if (virSetUIDGID(vol->target.perms.uid, vol->target.perms.gid) < 0)
return -1;
- }
+
return 0;
}
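Review bot: The `!= -1` guards on `vol->target.perms.uid` and `vol->target.perms.gid` are removed, so a volume whose permissions are unset now reaches `virSetUIDGID()` with -1 in one or both arguments. The helper's body is not visible in this patch; unless it treats -1 as "leave unchanged", the hook would attempt a switch to whatever ID -1 converts to instead of skipping it. If the helper follows the `!= 0` skip convention that the old util.c call sites used (an inference from those removed lines), map the sentinel first, e.g. `uid_t uid = (vol->target.perms.uid == -1) ? 0 : vol->target.perms.uid;` and likewise for gid, then call `virSetUIDGID(uid, gid)`. The reported error also no longer names `vol->target.path`, which makes a failed privilege drop harder to trace back to a volume. The hook's body starts above this hunk.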
diff --git a/src/util/util.c b/src/util/util.c
index 0b4370b..e221abe 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -1476,18 +1476,8 @@ parenterror:
/* set desired uid/gid, then attempt to create the file */
- if ((gid != 0) && (setgid(gid) != 0)) {
+ if (virSetUIDGID(uid, gid) < 0) {
ret = -errno;
- virReportSystemError(errno,
- _("cannot set gid %u creating '%s'"),
- (unsigned int) gid, path);
- goto childerror;
- }
- if ((uid != 0) && (setuid(uid) != 0)) {
- ret = -errno;
- virReportSystemError(errno,
- _("cannot set uid %u creating '%s'"),
- (unsigned int) uid, path);
goto childerror;
}
if ((fd = open(path, openflags, mode)) < 0) {
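Review bot: `ret = -errno` after a failed `virSetUIDGID()` assumes errno still holds the cause on return, which nothing in this patch guarantees: a failure inside the helper that does not set errno, or the helper's own error reporting, may leave it changed or 0. A 0 here would hand `childerror` a success-looking status for a privilege drop that did not happen, so fail closed with a fallback such as `ret = errno ? -errno : -EPERM;`, or have the helper return the negative errno and use that value directly. The same pattern appears in the directory-creation hunk before `mkdir(path, mode)`. Both call sites also lose `path` from the error message, and the old `!= 0` skip for uid/gid now depends on the helper doing the same. The enclosing functions begin and end outside these hunks.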
@@ -1595,16 +1585,8 @@ parenterror:
/* set desired uid/gid, then attempt to create the directory */
- if ((gid != 0) && (setgid(gid) != 0)) {
- ret = -errno;
- virReportSystemError(errno, _("cannot set gid %u creating
'%s'"),
- (unsigned int) gid, path);
- goto childerror;
- }
- if ((uid != 0) && (setuid(uid) != 0)) {
+ if (virSetUIDGID(uid, gid) < 0) {
ret = -errno;
- virReportSystemError(errno, _("cannot set uid %u creating
'%s'"),
- (unsigned int) uid, path);
goto childerror;
}
if (mkdir(path, mode) < 0) {
--
1.7.5.rc3