[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 04/15] util: add virCommandSetUID and virCommandSetGID



On 02/07/2013 02:37 PM, Laine Stump wrote:
> If a uid and/or gid is specified for a command, it will be set just
> after the user-supplied post-fork "hook" function is called.
> 
> The intent is that this can replace user hook functions that set
> uid/gid. This moves the setting of uid/gid and dropping of
> capabilities closer to each other, which is important since the two
> should really be done at the same time (libcapng provides a single
> function that does both, which we will be unable to use, but want to
> mimic as closely as possible).
> ---
>  src/libvirt_private.syms |  2 ++
>  src/util/vircommand.c    | 26 ++++++++++++++++++++++++++
>  src/util/vircommand.h    |  6 +++++-
>  3 files changed, 33 insertions(+), 1 deletion(-)
> 

> +++ b/src/util/vircommand.c
> @@ -101,6 +101,8 @@ struct _virCommand {
>      char *pidfile;
>      bool reap;
>  
> +    uid_t uid;
> +    gid_t gid;
>      unsigned long long capabilities;
>  };
>  
> @@ -605,6 +607,12 @@ virExec(virCommandPtr cmd)
>             goto fork_error;
>      }
>  
> +    if (cmd->uid > 0 || cmd->gid > 0) {

This says we can't explicitly request to run as uid 0.  Wouldn't it be
better to pre-initialize these two fields to (uid_t)-1 and (gid_t)-1
when the virCommandPtr is first allocated, and then check if they have
been changed away from -1 here?

> +        VIR_DEBUG("Setting child uid:gid to %u:%u", cmd->uid, cmd->gid);

Not portable to cygwin; you have to cast uid_t and gid_t to int before
sending it through *printf (see src/util/virutil.c for examples).

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]