External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

virGetGroupList: always include the primary group

Browse Source 
The change from initgroups to virGetGroupList/setgroups in
cab36cfe71ba83b71e536ba5c98e596f02b697b0 dropped the primary group from
processes group list iff the passed in group to virGetGroupList differs
from the user's primary group.

So always include the primary group to bring back the old behaviour.

Debian has the kvm group as primary group but uses
libvirt-qemu:libvirt-qemu as user:group to run the kvm process so
without this change the /dev/kvm is inaccessible.
This commit is contained in:
Guido Günther 2013-08-05 11:07:27 +02:00
parent 2df8d99138
commit 3d0e3c1a29
1 changed files with 29 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
src/util/virutil.c
View File

@ -983,29 +983,49 @@ virGetGroupID(const char *group, gid_t *gid)
} }
/* Compute the list of supplementary groups associated with @uid, and /* Compute the list of primary and supplementary groups associated
* including @gid in the list (unless it is -1), storing a malloc'd * with @uid, and including @gid in the list (unless it is -1),
* result into @list. Return the size of the list on success, or -1 * storing a malloc'd result into @list. Return the size of the list
* on failure with error reported and errno set. May not be called * on success, or -1 on failure with error reported and errno set. May
* between fork and exec. */ * not be called between fork and exec. */
int int
virGetGroupList(uid_t uid, gid_t gid, gid_t **list) virGetGroupList(uid_t uid, gid_t gid, gid_t **list)
{ {
int ret = -1; int ret = -1;
char *user = NULL; char *user = NULL;
gid_t primary;
*list = NULL; *list = NULL;
if (uid == (uid_t)-1) if (uid == (uid_t)-1)
return 0; return 0;
if (virGetUserEnt(uid, &user, if (virGetUserEnt(uid, &user, &primary, NULL) < 0)
gid == (gid_t)-1 ? &gid : NULL, NULL) < 0)
return -1; return -1;
ret = mgetgroups(user, gid, list); ret = mgetgroups(user, primary, list);
if (ret < 0) if (ret < 0) {
virReportSystemError(errno, virReportSystemError(errno,
_("cannot get group list for '%s'"), user); _("cannot get group list for '%s'"), user);
goto cleanup;
}
if (gid != (gid_t)-1) {
size_t n = ret;
for (size_t i = 0; i < ret; i++) {
if ((*list)[i] == gid)
goto cleanup;
}
if (VIR_APPEND_ELEMENT(*list, n, gid) < 0) {
ret = -1;
VIR_FREE(*list);
goto cleanup;
} else {
ret = n;
}
}
cleanup:
VIR_FREE(user); VIR_FREE(user);
return ret; return ret;
} }