From 5e09aea7b07a683996863000bee0277f2e255f1c Mon Sep 17 00:00:00 2001 From: Jiri Denemark Date: Sun, 22 May 2011 17:05:07 +0300 Subject: [PATCH] Replace all remaining setgid/setuid calls with virSetUIDGID Two additional places need initgroups call to properly work in an environment where the UID is allowed to open/create stuff through its supplementary groups. --- src/storage/storage_backend.c | 15 ++------------- src/util/util.c | 22 ++-------------------- 2 files changed, 4 insertions(+), 33 deletions(-) diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c index b423d110fc..02e455fac6 100644 --- a/src/storage/storage_backend.c +++ b/src/storage/storage_backend.c @@ -535,20 +535,9 @@ static int virStorageBuildSetUIDHook(void *data) { if (tmp->skip) return 0; - if ((vol->target.perms.gid != -1) - && (setgid(vol->target.perms.gid) != 0)) { - virReportSystemError(errno, - _("Cannot set gid to %u before creating %s"), - vol->target.perms.gid, vol->target.path); + if (virSetUIDGID(vol->target.perms.uid, vol->target.perms.gid) < 0) return -1; - } - if ((vol->target.perms.uid != -1) - && (setuid(vol->target.perms.uid) != 0)) { - virReportSystemError(errno, - _("Cannot set uid to %u before creating %s"), - vol->target.perms.uid, vol->target.path); - return -1; - } + return 0; } diff --git a/src/util/util.c b/src/util/util.c index 0b4370b934..e221abeed5 100644 --- a/src/util/util.c +++ b/src/util/util.c @@ -1476,18 +1476,8 @@ parenterror: /* set desired uid/gid, then attempt to create the file */ - if ((gid != 0) && (setgid(gid) != 0)) { + if (virSetUIDGID(uid, gid) < 0) { ret = -errno; - virReportSystemError(errno, - _("cannot set gid %u creating '%s'"), - (unsigned int) gid, path); - goto childerror; - } - if ((uid != 0) && (setuid(uid) != 0)) { - ret = -errno; - virReportSystemError(errno, - _("cannot set uid %u creating '%s'"), - (unsigned int) uid, path); goto childerror; } if ((fd = open(path, openflags, mode)) < 0) { @@ -1595,16 +1585,8 @@ parenterror: /* set desired uid/gid, then attempt to create the directory */ - if ((gid != 0) && (setgid(gid) != 0)) { + if (virSetUIDGID(uid, gid) < 0) { ret = -errno; - virReportSystemError(errno, _("cannot set gid %u creating '%s'"), - (unsigned int) gid, path); - goto childerror; - } - if ((uid != 0) && (setuid(uid) != 0)) { - ret = -errno; - virReportSystemError(errno, _("cannot set uid %u creating '%s'"), - (unsigned int) uid, path); goto childerror; } if (mkdir(path, mode) < 0) {