On 02/07/2013 02:37 PM, Laine Stump wrote:
If a uid and/or gid is specified for a command, it will be set just
after the user-supplied post-fork "hook" function is called.
The intent is that this can replace user hook functions that set
uid/gid. This moves the setting of uid/gid and dropping of
capabilities closer to each other, which is important since the two
should really be done at the same time (libcapng provides a single
function that does both, which we will be unable to use, but want to
mimic as closely as possible).
---
src/libvirt_private.syms | 2 ++
src/util/vircommand.c | 26 ++++++++++++++++++++++++++
src/util/vircommand.h | 6 +++++-
3 files changed, 33 insertions(+), 1 deletion(-)
+++ b/src/util/vircommand.c
@@ -101,6 +101,8 @@ struct _virCommand {
char *pidfile;
bool reap;
+ uid_t uid;
+ gid_t gid;
unsigned long long capabilities;
};
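Review bot: the new uid and gid members of struct _virCommand carry no comment saying which value means "not requested". The check added in the virExec hunk (`cmd->uid > 0 || cmd->gid > 0`) treats 0 as that value, which nobody reading the struct definition alone would learn. Add a short comment beside the two fields naming the sentinel, and update it if the sentinel changes.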
@@ -605,6 +607,12 @@ virExec(virCommandPtr cmd)
goto fork_error;
}
+ if (cmd->uid > 0 || cmd->gid > 0) {

This says we can't explicitly request to run as uid 0. Wouldn't it be
better to pre-initialize these two fields to (uid_t)-1 and (gid_t)-1
when the virCommandPtr is first allocated, and then check if they have
been changed away from -1 here?

+ VIR_DEBUG("Setting child uid:gid to %u:%u",
cmd->uid, cmd->gid);

Not portable to cygwin; you have to cast uid_t and gid_t to int before
sending it through *printf (see src/util/virutil.c for examples).

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org
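
The two review points above (a -1 sentinel so that uid 0 can be requested, and casting before printf), as an added example that is not libvirt code and not part of the original message. struct cmd_ids and every function name here are hypothetical stand-ins; setting gid before uid is this example's choice, since a process that has already given up uid 0 may no longer be permitted to change its gid.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for the uid/gid members of struct _virCommand. */
struct cmd_ids {
    uid_t uid;
    gid_t gid;
};

/* Sentinel initialisation: (uid_t)-1 / (gid_t)-1 mean "leave unchanged". */
void cmd_ids_init(struct cmd_ids *c)
{
    c->uid = (uid_t)-1;
    c->gid = (gid_t)-1;
}

/* The check as posted: 0 doubles as "unset", so 0:0 is never acted on. */
int wants_change_posted(const struct cmd_ids *c)
{
    return c->uid > 0 || c->gid > 0;
}

/* The sentinel check: any value other than -1, including 0, is a request. */
int wants_change_sentinel(const struct cmd_ids *c)
{
    return c->uid != (uid_t)-1 || c->gid != (gid_t)-1;
}

/* Child-side step: gid first, then uid, skipping unset fields; 0 on success. */
int apply_ids(const struct cmd_ids *c)
{
    if (wants_change_sentinel(c))
        fprintf(stderr, "Setting child uid:gid to %d:%d\n",
                (int)c->uid, (int)c->gid);   /* cast before *printf */
    if (c->gid != (gid_t)-1 && setgid(c->gid) < 0)
        return -1;
    if (c->uid != (uid_t)-1 && setuid(c->uid) < 0)
        return -1;
    return 0;
}

int main(void)
{
    struct cmd_ids c = { 0, 0 };   /* explicit request for root:root */
    printf("posted=%d sentinel=%d\n",
           wants_change_posted(&c), wants_change_sentinel(&c));
    return 0;
}
```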