On 02/12/2013 01:15 PM, Laine Stump wrote:
> Normally when a process' uid is changed to non-0, all the capabilities
> bits are cleared, even those explicitly set with calls to
> capng_update()/capng_apply() made immediately before setuid. And
> *after* the process' uid has been changed, it no longer has the
> necessary privileges to add capabilities back to the process.
>
> Because the modification/maintaining of capabilities is intermingled
> with setting the uid, this is necessarily done in a single function,
> rather than having two independent functions.
>
> Note that, due to the way that effective capabilities are computed (at
> time of execve) for a process that has uid != 0, the *file*
> capabilities of the binary being executed must also have the desired
> capabilities bit(s) set (see "man 7 capabilities"). This can be done
> with the "filecap" command. (e.g. "filecap /usr/bin/qemu-kvm sys_rawio").
> ---
> Change from V1:
> * properly cast when comparing gid/uid, and only short circuit for -1 (not 0)
> * fix // style comments
> * add ATTRIBUTE_UNUSED where appropriate for capBits argument.

ACK with nits fixed:

> @@ -2990,6 +2991,116 @@ virGetGroupName(gid_t gid ATTRIBUTE_UNUSED) > } > #endif /* HAVE_GETPWUID_R */ > > +#if WITH_CAPNG > +/* Set the real and effective uid and gid to the given values, while > + * maintaining the capabilities indicated by bits in @capBits. return

s/return/Return/

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
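
Review bot: The function comment that opens at "+/* Set the real and effective uid and gid ..." should also state the execve constraint from the commit message: capabilities kept through @capBits only become effective in an executed binary when that binary's file capabilities carry the same bits. The part of the comment visible here does not mention it, and a caller who reads only the header would not know the filecap step is needed.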
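
The execve rule the commit message points to in "man 7 capabilities", modeled as an added example (not part of the patch or of libvirt). The struct and function names are hypothetical, and the process state is constructed to match what the patch aims for after the uid change.

```c
#include <stdint.h>
#include <stdio.h>

/* CAP_SYS_RAWIO is capability number 17; the name RAWIO is ours. */
#define RAWIO (UINT64_C(1) << 17)

/* Hypothetical model types: one 64-bit mask per capability set. */
struct proc_caps { uint64_t permitted, inheritable, effective, bounding, ambient; };
struct file_caps { uint64_t permitted, inheritable; int effective; };

/* execve() transformation for a process with uid != 0, per capabilities(7).
 * The ambient set (Linux 4.3+) postdates this patch and is left at 0 below.
 * Set-uid/set-gid binaries are not modeled. */
static struct proc_caps caps_after_execve(struct proc_caps p, struct file_caps f)
{
    struct proc_caps n = p;  /* inheritable and bounding carry over */
    int file_has_caps = f.permitted || f.inheritable || f.effective;

    n.ambient = file_has_caps ? 0 : p.ambient;
    n.permitted = (p.inheritable & f.inheritable) |
                  (f.permitted & p.bounding) | n.ambient;
    n.effective = f.effective ? n.permitted : n.ambient;
    return n;
}

/* Constructed state: uid already changed, CAP_SYS_RAWIO kept in every set. */
static int rawio_effective_after_exec(struct file_caps f)
{
    struct proc_caps p = { RAWIO, RAWIO, RAWIO, ~UINT64_C(0), 0 };
    return (caps_after_execve(p, f).effective & RAWIO) != 0;
}

int main(void)
{
    struct file_caps none = { 0, 0, 0 };          /* binary with no file caps */
    struct file_caps inh_only = { 0, RAWIO, 0 };  /* inheritable, no effective flag */
    struct file_caps inh_eff = { 0, RAWIO, 1 };   /* inheritable + effective flag */

    printf("no file caps:        %d\n", rawio_effective_after_exec(none));
    printf("inheritable only:    %d\n", rawio_effective_after_exec(inh_only));
    printf("inheritable+eff bit: %d\n", rawio_effective_after_exec(inh_eff));
    return 0;
}
```

Even with the bit held in the permitted, inheritable and effective sets before execve, the new program only has it effective when the file's own capability sets cooperate.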