Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
openSUSE:11.4:Update
kvm.853
kvm-qemu-preXX-os-posix-set-groups-properly-for...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File kvm-qemu-preXX-os-posix-set-groups-properly-for-runas.patch of Package kvm.853
From cc4662f9642995c78bed587707eeb9ad8500035b Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Date: Sat, 9 Jul 2011 10:22:07 +0100 Subject: [PATCH] os-posix: set groups properly for -runas Andrew Griffiths reports that -runas does not set supplementary group IDs. This means that gid 0 (root) is not dropped when switching to an unprivileged user. Add an initgroups(3) call to use the -runas user's /etc/groups membership to update the supplementary group IDs. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com> --- os-posix.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/os-posix.c b/os-posix.c index 7dfb278..6f8d488 100644 --- a/os-posix.c +++ b/os-posix.c @@ -31,6 +31,7 @@ /*needed for MAP_POPULATE before including qemu-options.h */ #include <sys/mman.h> #include <pwd.h> +#include <grp.h> #include <libgen.h> /* Needed early for CONFIG_BSD etc. */ @@ -199,6 +200,11 @@ static void change_process_uid(void) fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid); exit(1); } + if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) { + fprintf(stderr, "Failed to initgroups(\"%s\", %d)\n", + user_pwd->pw_name, user_pwd->pw_gid); + exit(1); + } if (setuid(user_pwd->pw_uid) < 0) { fprintf(stderr, "Failed to setuid(%d)\n", user_pwd->pw_uid); exit(1); -- 1.7.7
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor