util: add virCommandSetUID and virCommandSetGID

If a uid and/or gid is specified for a command, it will be set just after the user-supplied post-fork "hook" function is called. The intent is that this can replace user hook functions that set uid/gid. This moves the setting of uid/gid and dropping of capabilities closer to each other, which is important since the two should really be done at the same time (libcapng provides a single function that does both, which we will be unable to use, but want to mimic as closely as possible).
2025-01-11 07:17:44 +00:00 · 2013-01-30 14:47:56 -05:00 · 2013-01-30 14:47:56 -05:00 · 417182b072
commit 417182b072
parent ad5cb11be6
3 changed files with 36 additions and 1 deletions
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@ -158,12 +158,14 @@ virCommandRun;
 virCommandRunAsync;
 virCommandSetErrorBuffer;
 virCommandSetErrorFD;
+virCommandSetGID;
 virCommandSetInputBuffer;
 virCommandSetInputFD;
 virCommandSetOutputBuffer;
 virCommandSetOutputFD;
 virCommandSetPidFile;
 virCommandSetPreExecHook;
+virCommandSetUID;
 virCommandSetWorkingDirectory;
 virCommandToString;
 virCommandTransferFD;
--- a/src/util/vircommand.c
+++ b/src/util/vircommand.c
@ -100,6 +100,8 @@ struct _virCommand {
    char *pidfile;
    bool reap;

+    uid_t uid;
+    gid_t gid;
    unsigned long long capabilities;
 };

@ -604,6 +606,13 @@ virExec(virCommandPtr cmd)
           goto fork_error;
    }

+    if (cmd->uid != (uid_t)-1 || cmd->gid != (gid_t)-1) {
+        VIR_DEBUG("Setting child uid:gid to %d:%d",
+                  (int)cmd->uid, (int)cmd->gid);
+        if (virSetUIDGID(cmd->uid, cmd->gid) < 0)
+            goto fork_error;
+    }
+
    if (cmd->pwd) {
        VIR_DEBUG("Running child in %s", cmd->pwd);
        if (chdir(cmd->pwd) < 0) {
@ -765,6 +774,8 @@ virCommandNewArgs(const char *const*args)

    cmd->infd = cmd->inpipe = cmd->outfd = cmd->errfd = -1;
    cmd->pid = -1;
+    cmd->uid = -1;
+    cmd->gid = -1;

    virCommandAddArgSet(cmd, args);

@ -903,6 +914,24 @@ virCommandSetPidFile(virCommandPtr cmd, const char *pidfile)
 }


+void
+virCommandSetGID(virCommandPtr cmd, gid_t gid)
+{
+    if (!cmd || cmd->has_error)
+        return;
+
+    cmd->gid = gid;
+}
+
+void
+virCommandSetUID(virCommandPtr cmd, uid_t uid)
+{
+    if (!cmd || cmd->has_error)
+        return;
+
+    cmd->uid = uid;
+}
+
 /**
 * virCommandClearCaps:
 * @cmd: the command to modify
--- a/src/util/vircommand.h
+++ b/src/util/vircommand.h
@ -1,7 +1,7 @@
 /*
 * vircommand.h: Child command execution
 *
- * Copyright (C) 2010-2011 Red Hat, Inc.
+ * Copyright (C) 2010-2013 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@ -61,6 +61,10 @@ void virCommandTransferFD(virCommandPtr cmd,
 void virCommandSetPidFile(virCommandPtr cmd,
                          const char *pidfile) ATTRIBUTE_NONNULL(2);

+void virCommandSetGID(virCommandPtr cmd, gid_t gid);
+
+void virCommandSetUID(virCommandPtr cmd, uid_t uid);
+
 void virCommandClearCaps(virCommandPtr cmd);

 void virCommandAllowCap(virCommandPtr cmd,