[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 7/8] os-posix: Provide new -runasid option
From: |
Peter Maydell |
Subject: |
Re: [Qemu-devel] [PATCH 7/8] os-posix: Provide new -runasid option |
Date: |
Fri, 6 Oct 2017 13:59:06 +0100 |
On 4 October 2017 at 17:18, Ian Jackson <address@hidden> wrote:
> This allows the caller to specify a uid and gid to use, even if there
> is no corresponding password entry. This will be useful in certain
> Xen configurations.
>
> Signed-off-by: Ian Jackson <address@hidden>
> ---
> @@ -166,17 +187,19 @@ void os_parse_cmd_args(int index, const char *optarg)
>
> static void change_process_uid(void)
> {
> - if (user_pwd) {
> - if (setgid(user_pwd->pw_gid) < 0) {
> + if (user_pwd || user_uid != (uid_t)-1) {
> + if (setgid(user_pwd ? user_pwd->pw_gid : user_gid) < 0) {
> fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid);
If you're changing the gid we pass to setgid() I think you should
also change the value we tell the user we tried to use in the
error message, or it could be rather confusing.
> exit(1);
> }
> - if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) {
> + if ((user_pwd
> + ? initgroups(user_pwd->pw_name, user_pwd->pw_gid)
> + : setgroups(1, &user_gid)) < 0) {
> fprintf(stderr, "Failed to initgroups(\"%s\", %d)\n",
> user_pwd->pw_name, user_pwd->pw_gid);
...and here we might claim we failed initgroups() when we actually
failed setgroups().
> exit(1);
> }
> - if (setuid(user_pwd->pw_uid) < 0) {
> + if (setuid(user_pwd ? user_pwd->pw_uid : user_gid) < 0) {
> fprintf(stderr, "Failed to setuid(%d)\n", user_pwd->pw_uid);
This error message should be updated too.
thanks
-- PMM
[Qemu-devel] [PATCH 3/8] xen: defer call to xen_restrict until after os_setup_post, Ian Jackson, 2017/10/04