On 02/07/2013 02:37 PM, Laine Stump wrote:
> If a uid and/or gid is specified for a command, it will be set just
> after the user-supplied post-fork "hook" function is called.
>
> The intent is that this can replace user hook functions that set
> uid/gid. This moves the setting of uid/gid and dropping of
> capabilities closer to each other, which is important since the two
> should really be done at the same time (libcapng provides a single
> function that does both, which we will be unable to use, but want to
> mimic as closely as possible).
> ---
> src/libvirt_private.syms | 2 ++
> src/util/vircommand.c | 26 ++++++++++++++++++++++++++
> src/util/vircommand.h | 6 +++++-
> 3 files changed, 33 insertions(+), 1 deletion(-)
>
> +++ b/src/util/vircommand.c
> @@ -101,6 +101,8 @@ struct _virCommand {
> char *pidfile;
> bool reap;
>
> + uid_t uid;
> + gid_t gid;
> unsigned long long capabilities;
> };
>
> @@ -605,6 +607,12 @@ virExec(virCommandPtr cmd)
> goto fork_error;
> }
>
> + if (cmd->uid > 0 || cmd->gid > 0) {
This says we can't explicitly request to run as uid 0. Wouldn't it be
better to pre-initialize these two fields to (uid_t)-1 and (gid_t)-1
when the virCommandPtr is first allocated, and then check if they have
been changed away from -1 here?
> + VIR_DEBUG("Setting child uid:gid to %u:%u", cmd->uid, cmd->gid);
Not portable to cygwin; you have to cast uid_t and gid_t to int before
sending it through *printf (see src/util/virutil.c for examples).
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list