service: initialize supplementary group ids
[project/procd.git]
/
service
/
instance.c
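--- a/service/instance.c
+++ b/service/instance.c
@@ -17,6 +17,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
+#include <grp.h>
 #include <net/if.h>
 #include <unistd.h>
 #include <stdint.h>
@@ -347,6 +348,10 @@ instance_run(struct service_instance *in, int _stdout, int _stderr)
 closefd(_stderr);
 }
+ if (in->user && in->gid && initgroups(in->user, in->gid)) {
+ ERROR("failed to initgroups() for user %s: %m\n", in->user);
+ exit(127);
+ }
 if (in->gid && setgid(in->gid)) {
 ERROR("failed to set group id %d: %m\n", in->gid);
 exit(127);
@@ -587,6 +592,11 @@ instance_restart(struct service_instance *in)
 uloop_timeout_set(&in->timeout, in->term_timeout * 1000);
 }
+static bool string_changed(const char *a, const char *b)
+{
+ return !((!a && !b) || (a && b && !strcmp(a, b)));
+}
+
 static bool
 instance_config_changed(struct service_instance *in, struct service_instance *in_new)
 {
@@ -608,20 +618,16 @@ instance_config_changed(struct service_instance *in, struct service_instance *in
 if (in->nice != in_new->nice)
 return true;
- if (in->uid != in_new->uid)
+ if (string_changed(in->user, in_new->user))
 return true;
- if (in->gid != in_new->gid)
+ if (in->uid != in_new->uid)
 return true;
- if (in->pidfile && in_new->pidfile)
- if (strcmp(in->pidfile, in_new->pidfile))
- return true;
-
- if (in->pidfile && !in_new->pidfile)
+ if (in->gid != in_new->gid)
 return true;
- if (!in->pidfile && in_new->pidfile)
+ if (string_changed(in->pidfile, in_new->pidfile))
 return true;
 if (in->respawn_retry != in_new->respawn_retry)
@@ -864,8 +870,10 @@ instance_config_parse(struct service_instance *in)
 }
 if (tb[INSTANCE_ATTR_USER]) {
- struct passwd *p = getpwnam(blobmsg_get_string(tb[INSTANCE_ATTR_USER]));
+ const char *user = blobmsg_get_string(tb[INSTANCE_ATTR_USER]);
+ struct passwd *p = getpwnam(user);
 if (p) {
+ in->user = strdup(user);
 in->uid = p->pw_uid;
 in->gid = p->pw_gid;
 }
@@ -984,6 +992,7 @@ instance_free(struct service_instance *in)
 watch_del(in);
 instance_config_cleanup(in);
 free(in->config);
+ free(in->user);
 free(in);
 }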
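Review bot: The new `initgroups()` call in instance_run() is skipped whenever `in->gid` is 0, so a service whose configured user has primary group 0 keeps whatever supplementary groups the child inherited (presumably procd's own) instead of the user's. Because `in->user` is only assigned in instance_config_parse() after `getpwnam()` succeeded, the user pointer alone is a sufficient guard: `if (in->user && initgroups(in->user, in->gid)) {`. The same silent skip occurs if `strdup(user)` returns NULL in instance_config_parse(), since `in->uid` and `in->gid` are still assigned there; checking the result and logging or failing the parse would keep the privilege drop all-or-nothing. A one-line comment above the call stating that initgroups() must run before the `setgid()` that follows, while the process can still change its group list, would help later edits preserve the order. Both instance_run() and instance_config_parse() extend beyond the hunks shown, so confirm against the full functions.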