On 02/07/2013 02:37 PM, Laine Stump wrote: > If a uid and/or gid is specified for a command, it will be set just > after the user-supplied post-fork "hook" function is called. > > The intent is that this can replace user hook functions that set > uid/gid. This moves the setting of uid/gid and dropping of > capabilities closer to each other, which is important since the two > should really be done at the same time (libcapng provides a single > function that does both, which we will be unable to use, but want to > mimic as closely as possible). > --- > src/libvirt_private.syms | 2 ++ > src/util/vircommand.c | 26 ++++++++++++++++++++++++++ > src/util/vircommand.h | 6 +++++- > 3 files changed, 33 insertions(+), 1 deletion(-) > > +++ b/src/util/vircommand.c > @@ -101,6 +101,8 @@ struct _virCommand { > char *pidfile; > bool reap; > > + uid_t uid; > + gid_t gid; > unsigned long long capabilities; > }; > > @@ -605,6 +607,12 @@ virExec(virCommandPtr cmd) > goto fork_error; > } > > + if (cmd->uid > 0 || cmd->gid > 0) { This says we can't explicitly request to run as uid 0. Wouldn't it be better to pre-initialize these two fields to (uid_t)-1 and (gid_t)-1 when the virCommandPtr is first allocated, and then check if they have been changed away from -1 here? > + VIR_DEBUG("Setting child uid:gid to %u:%u", cmd->uid, cmd->gid); Not portable to cygwin; you have to cast uid_t and gid_t to int before sending it through *printf (see src/util/virutil.c for examples). -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
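Review bot: the new `uid` and `gid` members in the `struct _virCommand` hunk are added without a comment saying which value means "leave the child's identity unchanged". Since 0 is a valid uid and gid, state the "unset" value next to the fields (for example `(uid_t)-1` and `(gid_t)-1`) and make sure the allocation path, which this hunk does not show, sets it.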
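Review bot: in the virExec hunk, the `cmd->uid > 0 || cmd->gid > 0` guard enters the block when only one of the two was requested, so the `VIR_DEBUG` line reports the other one as 0, which reads as root in the log. Test each field separately against its "unset" value and log only the id that is actually being changed.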
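The two review points in the reply above (an explicit "unset" sentinel so that uid 0 can be requested, and casting ids before printing them) can be sketched as follows. This is an added example, not libvirt code: `struct child_ids`, the `ID_UNSET_*` macros and the `child_ids_*` functions are hypothetical names, and supplementary groups and capability dropping are left out.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed sentinels meaning "do not change this id"; 0 stays a real, requestable id. */
#define ID_UNSET_UID ((uid_t)-1)
#define ID_UNSET_GID ((gid_t)-1)

/* Hypothetical stand-in for the two fields the patch adds to struct _virCommand. */
struct child_ids { uid_t uid; gid_t gid; };

/* Called where the command object is allocated, so "never set" is distinguishable. */
void child_ids_init(struct child_ids *ids)
{
    ids->uid = ID_UNSET_UID;
    ids->gid = ID_UNSET_GID;
}

/* True when the caller asked for any change, including an explicit uid or gid of 0. */
int child_ids_requested(const struct child_ids *ids)
{
    return ids->uid != ID_UNSET_UID || ids->gid != ID_UNSET_GID;
}

/* Debug text with the ids cast to int before they reach a printf-style function. */
int child_ids_describe(const struct child_ids *ids, char *buf, size_t len)
{
    return snprintf(buf, len, "Setting child uid:gid to %d:%d",
                    (int)ids->uid, (int)ids->gid);
}

/* Child side, after fork: group first, then user, each verified. Returns 0 or -1. */
int child_ids_apply(const struct child_ids *ids)
{
    if (ids->gid != ID_UNSET_GID &&
        (setgid(ids->gid) < 0 || getgid() != ids->gid || getegid() != ids->gid))
        return -1;
    if (ids->uid != ID_UNSET_UID &&
        (setuid(ids->uid) < 0 || getuid() != ids->uid || geteuid() != ids->uid))
        return -1;
    return 0;
}

int main(void)
{
    struct child_ids ids;
    char msg[64];
    child_ids_init(&ids);
    ids.uid = 0; /* explicit request for uid 0, which a "> 0" test cannot express */
    if (child_ids_requested(&ids) && child_ids_describe(&ids, msg, sizeof(msg)) > 0)
        puts(msg);
    return 0;
}
```

An unset field prints as -1 in the debug text, so the log shows which of the two ids was actually requested.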