Split checking for root from dropping root privilege
check_root() both checks to see if we are root (in the init namespace), and if we are drops to an unprivileged user. To make future cleanups simpler, split the checking for root (now in check_root()) from the actual dropping of privilege (now in drop_root()). Note that this does slightly alter semantics. Previously we would only setuid() if we were originally root (in the init namespace). Now we will always setuid() and setgid(), though it won't actually change anything if we weren't privileged to begin with. This also means that we will now always attempt to switch to the user specified with --runas, even if we aren't (init namespace) root to begin with. Obviously this will fail with an error if we weren't privileged to start with. --help and the man page are updated accordingly. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This commit is contained in:
David Gibson
committed by
Stefano Brivio
Stefano Brivio
parent
7330ae3abf
commit
10c6347747
1
util.h
1
util.h
@@ -235,6 +235,7 @@ void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns,
|
||||
uint8_t *map, uint8_t *exclude);
|
||||
void drop_caps(void);
|
||||
void check_root(uid_t *uid, gid_t *gid);
|
||||
void drop_root(uid_t uid, gid_t gid);
|
||||
int ns_enter(const struct ctx *c);
|
||||
void write_pidfile(int fd, pid_t pid);
|
||||
int __daemon(int pidfile_fd, int devnull_fd);
|
||||
|
||||
Reference in New Issue
Block a user