On Wed, Mar 13, 2013 at 15:24:03 +0000, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
>
> If no user identity is available, some operations may wish to
> use the system identity. ie the identity of the current process
> itself. Add an API to get such an identity.
>
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
> src/util/viridentity.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++
> src/util/viridentity.h | 2 ++
> 2 files changed, 73 insertions(+)
>
> diff --git a/src/util/viridentity.c b/src/util/viridentity.c
> index acb0cb9..1c43081 100644
> --- a/src/util/viridentity.c
> +++ b/src/util/viridentity.c
...
> @@ -116,6 +122,71 @@ int virIdentitySetCurrent(virIdentityPtr ident)
>
>
> /**
> + * virIdentityGetSystem:
> + *
> + * Returns an identity that represents the system itself.
> + * This is the identity that the process is running as
> + *
> + * Returns a reference to the system identity, or NULL
> + */
> +virIdentityPtr virIdentityGetSystem(void)
> +{
> + char *username = NULL;
> + char *groupname = NULL;
> + char *seccontext = NULL;
> + virIdentityPtr ret = NULL;
> + gid_t gid = getgid();
> + uid_t uid = getuid();
> +#if HAVE_SELINUX
> + security_context_t con;
> +#endif
> +
> + if (!(username = virGetUserName(uid)))
> + goto cleanup;
> + if (!(groupname = virGetGroupName(gid)))
> + goto cleanup;
Quite cosmetic, but is there any reason why we use uid/gid variables rather than calling getuid/getgid directly here?
> +
> +#if HAVE_SELINUX
> + if (getcon(&con) < 0) {
> + virReportSystemError(errno, "%s",
> + _("Unable to lookup SELinux process context"));
> + goto cleanup;
> + }
> + seccontext = strdup(con);
> + freecon(con);
> + if (!seccontext) {
> + virReportOOMError();
> + goto cleanup;
> + }
> +#endif
> +
> + if (!(ret = virIdentityNew()))
> + goto cleanup;
> +
> + if (username &&
> + virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_USER_NAME, username) < 0)
> + goto error;
> + if (groupname &&
> + virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, groupname) < 0)
> + goto error;
> + if (seccontext &&
> + virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SECURITY_CONTEXT, seccontext) < 0)
> + goto error;
All three lines with virIdentitySetAttr() calls are too long.
> +
> +cleanup:
> + VIR_FREE(username);
> + VIR_FREE(groupname);
> + VIR_FREE(seccontext);
> + return ret;
> +
> +error:
> + virObjectUnref(ret);
> + ret = NULL;
> + goto cleanup;
> +}
> +
> +
> +/**
> * virIdentityNew:
> *
> * Creates a new empty identity object. After creating, one or
ACK Jirka -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
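Review bot: Inside the second `#if HAVE_SELINUX` block, `getcon()` is called unconditionally, so on a host built with SELinux support but running with it disabled the lookup may fail and virIdentityGetSystem() would return NULL, leaving callers with no system identity at all. Guarding the lookup with `if (is_selinux_enabled() > 0) {` and leaving `seccontext` NULL otherwise would let the existing `if (seccontext && ...)` test skip the attribute. Separately, the user and group names come from `getuid()`/`getgid()`, the real IDs; if this identity ever feeds an access decision in a process whose effective IDs differ, `geteuid()`/`getegid()` would match "the identity that the process is running as" more closely, which is worth confirming against the intended callers. The doc comment could also state ownership, e.g. `Returns a new reference to the system identity which the caller must release with virObjectUnref(), or NULL on error`.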