If a uid and/or gid is specified for a command, it will be set just
after the user-supplied post-fork "hook" function is called.
The intent is that this can replace user hook functions that set
uid/gid. This moves the setting of uid/gid and dropping of
capabilities closer to each other, which is important since the two
should really be done at the same time (libcapng provides a single
function that does both, which we will be unable to use, but want to
mimic as closely as possible).
---
Change from V1:
* only bypass uid/gid setting if they are -1
* cast -1 to ([gu]id_t) when comparing to a [gu]id_t
* cast uid and gid to (int) for printing
src/libvirt_private.syms | 2 ++
src/util/vircommand.c | 29 +++++++++++++++++++++++++++++
src/util/vircommand.h | 6 +++++-
3 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index b9d45a2..511a686 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -158,12 +158,14 @@ virCommandRun;
virCommandRunAsync;
virCommandSetErrorBuffer;
virCommandSetErrorFD;
+virCommandSetGID;
virCommandSetInputBuffer;
virCommandSetInputFD;
virCommandSetOutputBuffer;
virCommandSetOutputFD;
virCommandSetPidFile;
virCommandSetPreExecHook;
+virCommandSetUID;
virCommandSetWorkingDirectory;
virCommandToString;
virCommandTransferFD;
diff --git a/src/util/vircommand.c b/src/util/vircommand.c
index ba81c14..84d275f 100644
--- a/src/util/vircommand.c
+++ b/src/util/vircommand.c
@@ -101,6 +101,8 @@ struct _virCommand {
char *pidfile;
bool reap;
+ uid_t uid;
+ gid_t gid;
unsigned long long capabilities;
};
@@ -605,6 +607,13 @@ virExec(virCommandPtr cmd)
goto fork_error;
}
+ if (cmd->uid != (uid_t)-1 || cmd->gid != (gid_t)-1) {
+ VIR_DEBUG("Setting child uid:gid to %d:%d",
+ (int)cmd->uid, (int)cmd->gid);
+ if (virSetUIDGID(cmd->uid, cmd->gid) < 0)
+ goto fork_error;
+ }
+
if (cmd->pwd) {
VIR_DEBUG("Running child in %s", cmd->pwd);
if (chdir(cmd->pwd) < 0) {
@@ -767,6 +776,8 @@ virCommandNewArgs(const char *const*args)
cmd->infd = cmd->outfd = cmd->errfd = -1;
cmd->inWatch = cmd->outWatch = cmd->errWatch = -1;
cmd->pid = -1;
+ cmd->uid = -1;
+ cmd->gid = -1;
virCommandAddArgSet(cmd, args);
@@ -905,6 +916,24 @@ virCommandSetPidFile(virCommandPtr cmd, const char *pidfile)
}
+void
+virCommandSetGID(virCommandPtr cmd, gid_t gid)
+{
+ if (!cmd || cmd->has_error)
+ return;
+
+ cmd->gid = gid;
+}
+
+void
+virCommandSetUID(virCommandPtr cmd, uid_t uid)
+{
+ if (!cmd || cmd->has_error)
+ return;
+
+ cmd->uid = uid;
+}
+
/**
* virCommandClearCaps:
* @cmd: the command to modify
diff --git a/src/util/vircommand.h b/src/util/vircommand.h
index c1a2e24..a4022fa 100644
--- a/src/util/vircommand.h
+++ b/src/util/vircommand.h
@@ -1,7 +1,7 @@
/*
* vircommand.h: Child command execution
*
- * Copyright (C) 2010-2011 Red Hat, Inc.
+ * Copyright (C) 2010-2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -61,6 +61,10 @@ void virCommandTransferFD(virCommandPtr cmd,
void virCommandSetPidFile(virCommandPtr cmd,
const char *pidfile) ATTRIBUTE_NONNULL(2);
+void virCommandSetGID(virCommandPtr cmd, gid_t gid);
+
+void virCommandSetUID(virCommandPtr cmd, uid_t uid);
+
void virCommandClearCaps(virCommandPtr cmd);
void virCommandAllowCap(virCommandPtr cmd,
--
1.8.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list