[libvirt] [PATCH 2/2] Replace all remaining setgid/setuid calls with virSetUIDGID

Laine Stump laine at laine.org
Mon May 23 16:55:45 UTC 2011


On 05/22/2011 10:55 AM, Jiri Denemark wrote:
> Two additional places need initgroups call to properly work in an
> environment where the UID is allowed to open/create stuff through its
> supplementary groups.
> ---
>   src/storage/storage_backend.c |   15 ++-------------
>   src/util/util.c               |   22 ++--------------------
>   2 files changed, 4 insertions(+), 33 deletions(-)
>
> diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
> index f90425a..a209f88 100644
> --- a/src/storage/storage_backend.c
> +++ b/src/storage/storage_backend.c
> @@ -535,20 +535,9 @@ static int virStorageBuildSetUIDHook(void *data) {
>       if (tmp->skip)
>           return 0;
>
> -    if ((vol->target.perms.gid != -1)
> -&&  (setgid(vol->target.perms.gid) != 0)) {
> -        virReportSystemError(errno,
> -                             _("Cannot set gid to %u before creating %s"),
> -                             vol->target.perms.gid, vol->target.path);
> -        return -1;
> -    }
> -    if ((vol->target.perms.uid != -1)
> -&&  (setuid(vol->target.perms.uid) != 0)) {
> -        virReportSystemError(errno,
> -                             _("Cannot set uid to %u before creating %s"),
> -                             vol->target.perms.uid, vol->target.path);
> +    if (virSetUIDGID(vol->target.perms.uid, vol->target.perms.gid)<  0)
>           return -1;
> -    }
> +
>       return 0;
>   }
>
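Review bot: The removed checks in virStorageBuildSetUIDHook skipped setgid()/setuid() when `vol->target.perms.gid` or `vol->target.perms.uid` was -1, but the new call passes both values to virSetUIDGID() unconditionally, so the "-1 means leave unchanged" rule now rests entirely on that helper, whose body is not shown on this page. If the helper only special-cases 0, or compares an unsigned uid_t/gid_t with `> 0`, a -1 would be handled as a real id and the hook would presumably fail or switch identity unexpectedly; this needs confirming against patch 1/2. I would either keep the guard at the call site or add a comment above the call such as `/* perms.uid/gid == -1 means "do not change"; virSetUIDGID must treat -1 as a no-op */`. The failure report also no longer names `vol->target.path`, which makes a failed privilege change harder to trace to a volume in the logs.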
> diff --git a/src/util/util.c b/src/util/util.c
> index 0b4370b..e221abe 100644
> --- a/src/util/util.c
> +++ b/src/util/util.c
> @@ -1476,18 +1476,8 @@ parenterror:
>
>       /* set desired uid/gid, then attempt to create the file */
>
> -    if ((gid != 0)&&  (setgid(gid) != 0)) {
> +    if (virSetUIDGID(uid, gid)<  0) {
>           ret = -errno;
> -        virReportSystemError(errno,
> -                             _("cannot set gid %u creating '%s'"),
> -                             (unsigned int) gid, path);
> -        goto childerror;
> -    }
> -    if  ((uid != 0)&&  (setuid(uid) != 0)) {
> -        ret = -errno;
> -        virReportSystemError(errno,
> -                             _("cannot set uid %u creating '%s'"),
> -                             (unsigned int) uid, path);
>           goto childerror;
>       }
>       if ((fd = open(path, openflags, mode))<  0) {
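Review bot: `ret = -errno;` is now evaluated after virSetUIDGID() has returned, not directly after the failing setgid()/setuid() as in the removed lines, so it is only correct if the helper preserves errno across its own error reporting and any group lookup it performs (its body is not visible here). If errno is stale or 0 at that point, the child reaches `childerror` with a misleading or zero `ret`, and depending on how that value reaches the parent (not shown) a failed identity change could be reported as success; `ret = errno ? -errno : -EPERM;` or having the helper return the negative errno would close that gap. The same pattern is in the mkdir hunk at `@@ -1595,16 +1585,8 @@`. Both removed guards also skipped the call for id 0, which the new code leaves to the helper to decide. The enclosing functions start and end outside these hunks.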
> @@ -1595,16 +1585,8 @@ parenterror:
>
>       /* set desired uid/gid, then attempt to create the directory */
>
> -    if ((gid != 0)&&  (setgid(gid) != 0)) {
> -        ret = -errno;
> -        virReportSystemError(errno, _("cannot set gid %u creating '%s'"),
> -                             (unsigned int) gid, path);
> -        goto childerror;
> -    }
> -    if  ((uid != 0)&&  (setuid(uid) != 0)) {
> +    if (virSetUIDGID(uid, gid)<  0) {
>           ret = -errno;
> -        virReportSystemError(errno, _("cannot set uid %u creating '%s'"),
> -                             (unsigned int) uid, path);
>           goto childerror;
>       }
>       if (mkdir(path, mode)<  0) {

ACK.



