Replace all remaining setgid/setuid calls with virSetUIDGID

Two additional places need initgroups call to properly work in an environment where the UID is allowed to open/create stuff through its supplementary groups.

Replace all remaining setgid/setuid calls with virSetUIDGID
Two additional places need initgroups call to properly work in an environment where the UID is allowed to open/create stuff through its supplementary groups.
5e09aea7 · Jiri Denemark · 4dd9c161 · 5e09aea7 · 5e09aea7
隐藏空白更改
内联并排

Showing with 4 addition and 33 deletion

src/storage/storage_backend.c src/storage/storage_backend.c +2 -13

src/util/util.c src/util/util.c +2 -20

未找到文件。
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -535,20 +535,9 @@ static int virStorageBuildSetUIDHook(void *data) {
    if (tmp->skip)
        return 0;

-    if ((vol->target.perms.gid != -1)
-        && (setgid(vol->target.perms.gid) != 0)) {
-        virReportSystemError(errno,
-                             _("Cannot set gid to %u before creating %s"),
-                             vol->target.perms.gid, vol->target.path);
-        return -1;
-    }
-    if ((vol->target.perms.uid != -1)
-        && (setuid(vol->target.perms.uid) != 0)) {
-        virReportSystemError(errno,
-                             _("Cannot set uid to %u before creating %s"),
-                             vol->target.perms.uid, vol->target.path);
+    if (virSetUIDGID(vol->target.perms.uid, vol->target.perms.gid) < 0)
        return -1;
-    }
+
    return 0;
 }


--- a/src/util/util.c
+++ b/src/util/util.c
@@ -1476,18 +1476,8 @@ parenterror:

    /* set desired uid/gid, then attempt to create the file */

-    if ((gid != 0) && (setgid(gid) != 0)) {
+    if (virSetUIDGID(uid, gid) < 0) {
        ret = -errno;
-        virReportSystemError(errno,
-                             _("cannot set gid %u creating '%s'"),
-                             (unsigned int) gid, path);
-        goto childerror;
-    }
-    if  ((uid != 0) && (setuid(uid) != 0)) {
-        ret = -errno;
-        virReportSystemError(errno,
-                             _("cannot set uid %u creating '%s'"),
-                             (unsigned int) uid, path);
        goto childerror;
    }
    if ((fd = open(path, openflags, mode)) < 0) {
@@ -1595,16 +1585,8 @@ parenterror:

    /* set desired uid/gid, then attempt to create the directory */

-    if ((gid != 0) && (setgid(gid) != 0)) {
-        ret = -errno;
-        virReportSystemError(errno, _("cannot set gid %u creating '%s'"),
-                             (unsigned int) gid, path);
-        goto childerror;
-    }
-    if  ((uid != 0) && (setuid(uid) != 0)) {
+    if (virSetUIDGID(uid, gid) < 0) {
        ret = -errno;
-        virReportSystemError(errno, _("cannot set uid %u creating '%s'"),
-                             (unsigned int) uid, path);
        goto childerror;
    }
    if (mkdir(path, mode) < 0) {