#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
+#include <grp.h>
#include <net/if.h>
#include <unistd.h>
#include <stdint.h>
if (!in->pidfile)
return 0;
if (unlink(in->pidfile)) {
- ERROR("Failed to removed pidfile: %s: %m\n",
- in->pidfile);
+ ERROR("Failed to removed pidfile: %s: %m\n", in->pidfile);
return 1;
}
return 0;
}
_pidfile = fopen(in->pidfile, "w");
if (_pidfile == NULL) {
- ERROR("failed to open pidfile for writing: %s: %m",
- in->pidfile);
+ ERROR("failed to open pidfile for writing: %s: %m", in->pidfile);
return 1;
}
if (fprintf(_pidfile, "%d\n", in->proc.pid) < 0) {
- ERROR("failed to write pidfile: %s: %m",
- in->pidfile);
+ ERROR("failed to write pidfile: %s: %m", in->pidfile);
fclose(_pidfile);
return 2;
}
if (fclose(_pidfile)) {
- ERROR("failed to close pidfile: %s: %m",
- in->pidfile);
+ ERROR("failed to close pidfile: %s: %m", in->pidfile);
return 3;
}
struct blobmsg_list_node *var;
struct blob_attr *cur;
char **argv;
- char *ld_preload;
int argc = 1; /* NULL terminated */
int rem, _stdin;
bool seccomp = !in->trace && !in->has_jail && in->seccomp;
if (seccomp)
setenv("SECCOMP_FILE", in->seccomp, 1);
- if (setlbf && asprintf(&ld_preload, "LD_PRELOAD=/lib/libsetlbf.so") > 0)
- putenv(ld_preload);
+ if (setlbf)
+ setenv("LD_PRELOAD", "/lib/libsetlbf.so", 1);
blobmsg_list_for_each(&in->limits, var)
instance_limits(blobmsg_name(var->data), blobmsg_data(var->data));
closefd(_stderr);
}
+ if (in->user && in->gid && initgroups(in->user, in->gid)) {
+ ERROR("failed to initgroups() for user %s: %m\n", in->user);
+ exit(127);
+ }
if (in->gid && setgid(in->gid)) {
ERROR("failed to set group id %d: %m\n", in->gid);
exit(127);
uloop_timeout_set(&in->timeout, in->term_timeout * 1000);
}
+static bool string_changed(const char *a, const char *b)
+{
+ return !((!a && !b) || (a && b && !strcmp(a, b)));
+}
+
static bool
instance_config_changed(struct service_instance *in, struct service_instance *in_new)
{
if (in->nice != in_new->nice)
return true;
- if (in->uid != in_new->uid)
+ if (string_changed(in->user, in_new->user))
return true;
- if (in->gid != in_new->gid)
+ if (in->uid != in_new->uid)
return true;
- if (in->pidfile && in_new->pidfile)
- if (strcmp(in->pidfile, in_new->pidfile))
- return true;
-
- if (in->pidfile && !in_new->pidfile)
+ if (in->gid != in_new->gid)
return true;
- if (!in->pidfile && in_new->pidfile)
+ if (string_changed(in->pidfile, in_new->pidfile))
return true;
if (in->respawn_retry != in_new->respawn_retry)
}
if (tb[INSTANCE_ATTR_USER]) {
- struct passwd *p = getpwnam(blobmsg_get_string(tb[INSTANCE_ATTR_USER]));
+ const char *user = blobmsg_get_string(tb[INSTANCE_ATTR_USER]);
+ struct passwd *p = getpwnam(user);
if (p) {
+ in->user = strdup(user);
in->uid = p->pw_uid;
in->gid = p->pw_gid;
}
watch_del(in);
instance_config_cleanup(in);
free(in->config);
+ free(in->user);
free(in);
}