Re: [PATCH 2/2] Replace all remaining setgid/setuid calls with virSetUIDGID


 



On 05/22/2011 10:55 AM, Jiri Denemark wrote:
Two additional places need initgroups call to properly work in an
environment where the UID is allowed to open/create stuff through its
supplementary groups.
---
  src/storage/storage_backend.c |   15 ++-------------
  src/util/util.c               |   22 ++--------------------
  2 files changed, 4 insertions(+), 33 deletions(-)

diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index f90425a..a209f88 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -535,20 +535,9 @@ static int virStorageBuildSetUIDHook(void *data) {
      if (tmp->skip)
          return 0;

-    if ((vol->target.perms.gid != -1)
-&&  (setgid(vol->target.perms.gid) != 0)) {
-        virReportSystemError(errno,
-                             _("Cannot set gid to %u before creating %s"),
-                             vol->target.perms.gid, vol->target.path);
-        return -1;
-    }
-    if ((vol->target.perms.uid != -1)
-&&  (setuid(vol->target.perms.uid) != 0)) {
-        virReportSystemError(errno,
-                             _("Cannot set uid to %u before creating %s"),
-                             vol->target.perms.uid, vol->target.path);
+    if (virSetUIDGID(vol->target.perms.uid, vol->target.perms.gid)<  0)
          return -1;
-    }
+
      return 0;
  }
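Review bot: The removed guards skipped setgid()/setuid() when `vol->target.perms.gid` or `vol->target.perms.uid` was -1, but the new `virSetUIDGID(vol->target.perms.uid, vol->target.perms.gid)` call passes both values unconditionally. virSetUIDGID is not shown in this patch, so confirm that it treats an id of -1 as "leave unchanged" rather than attempting a user lookup or an identity switch with it. Otherwise a volume with unset perms would now either fail the hook or be created under an identity nobody asked for. If the helper does guarantee that, a comment above the call such as `/* uid/gid of -1 mean "keep current id"; virSetUIDGID treats them as no-ops */` would record the contract this hook relies on. The hook's body starts above the hunk.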

diff --git a/src/util/util.c b/src/util/util.c
index 0b4370b..e221abe 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -1476,18 +1476,8 @@ parenterror:

      /* set desired uid/gid, then attempt to create the file */

-    if ((gid != 0)&&  (setgid(gid) != 0)) {
+    if (virSetUIDGID(uid, gid)<  0) {
          ret = -errno;
-        virReportSystemError(errno,
-                             _("cannot set gid %u creating '%s'"),
-                             (unsigned int) gid, path);
-        goto childerror;
-    }
-    if  ((uid != 0)&&  (setuid(uid) != 0)) {
-        ret = -errno;
-        virReportSystemError(errno,
-                             _("cannot set uid %u creating '%s'"),
-                             (unsigned int) uid, path);
          goto childerror;
      }
      if ((fd = open(path, openflags, mode))<  0) {
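Review bot: `ret = -errno;` after `virSetUIDGID(uid, gid) < 0` assumes errno still holds the failing call's value. The helper presumably reports its own error now (the removed code did so here), and any calls it makes after the failure can overwrite errno. Whether virSetUIDGID preserves errno is not visible in this patch; if it can come back 0, `ret` would read as success for a child that failed to drop privileges. A defensive form would be `ret = errno ? -errno : -EPERM;`, or have the helper save and restore errno around its reporting. The same pattern appears in the directory-creation hunk at -1595, and in both places the error text no longer names `path`, which the removed messages did. The enclosing functions start and end outside these hunks.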
@@ -1595,16 +1585,8 @@ parenterror:

      /* set desired uid/gid, then attempt to create the directory */

-    if ((gid != 0)&&  (setgid(gid) != 0)) {
-        ret = -errno;
-        virReportSystemError(errno, _("cannot set gid %u creating '%s'"),
-                             (unsigned int) gid, path);
-        goto childerror;
-    }
-    if  ((uid != 0)&&  (setuid(uid) != 0)) {
+    if (virSetUIDGID(uid, gid)<  0) {
          ret = -errno;
-        virReportSystemError(errno, _("cannot set uid %u creating '%s'"),
-                             (unsigned int) uid, path);
          goto childerror;
      }
      if (mkdir(path, mode)<  0) {

ACK.
