util: add virCommandSetUID and virCommandSetGID

If a uid and/or gid is specified for a command, it will be set just
after the user-supplied post-fork "hook" function is called.

The intent is that this can replace user hook functions that set
uid/gid. This moves the setting of uid/gid and dropping of
capabilities closer to each other, which is important since the two
should really be done at the same time (libcapng provides a single
function that does both, which we will be unable to use, but want to
mimic as closely as possible).

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index b9d45a200c436292bc7ac6a804989445ab6acb7f..511a686f0f13d129889940e3766e88b4ae49d6c7 100644 (file)
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -158,12 +158,14 @@ virCommandRun;
 virCommandRunAsync;
 virCommandSetErrorBuffer;
 virCommandSetErrorFD;
+virCommandSetGID;
 virCommandSetInputBuffer;
 virCommandSetInputFD;
 virCommandSetOutputBuffer;
 virCommandSetOutputFD;
 virCommandSetPidFile;
 virCommandSetPreExecHook;
+virCommandSetUID;
 virCommandSetWorkingDirectory;
 virCommandToString;
 virCommandTransferFD;

diff --git a/src/util/vircommand.c b/src/util/vircommand.c
index 0fb740daaabbcf2256ab4fb0bf63131bb7978536..dd442abc54cf7ee3bec55e375f94c80f8e310e9d 100644 (file)
--- a/src/util/vircommand.c
+++ b/src/util/vircommand.c
@@ -100,6 +100,8 @@ struct _virCommand {
     char *pidfile;
     bool reap;
 
+    uid_t uid;
+    gid_t gid;
     unsigned long long capabilities;
 };
 
@@ -604,6 +606,13 @@ virExec(virCommandPtr cmd)
            goto fork_error;
     }
 
+    if (cmd->uid != (uid_t)-1 || cmd->gid != (gid_t)-1) {
+        VIR_DEBUG("Setting child uid:gid to %d:%d",
+                  (int)cmd->uid, (int)cmd->gid);
+        if (virSetUIDGID(cmd->uid, cmd->gid) < 0)
+            goto fork_error;
+    }
+
     if (cmd->pwd) {
         VIR_DEBUG("Running child in %s", cmd->pwd);
         if (chdir(cmd->pwd) < 0) {
@@ -765,6 +774,8 @@ virCommandNewArgs(const char *const*args)
 
     cmd->infd = cmd->inpipe = cmd->outfd = cmd->errfd = -1;
     cmd->pid = -1;
+    cmd->uid = -1;
+    cmd->gid = -1;
 
     virCommandAddArgSet(cmd, args);
 
@@ -903,6 +914,24 @@ virCommandSetPidFile(virCommandPtr cmd, const char *pidfile)
 }
 
 
+void
+virCommandSetGID(virCommandPtr cmd, gid_t gid)
+{
+    if (!cmd || cmd->has_error)
+        return;
+
+    cmd->gid = gid;
+}
+
+void
+virCommandSetUID(virCommandPtr cmd, uid_t uid)
+{
+    if (!cmd || cmd->has_error)
+        return;
+
+    cmd->uid = uid;
+}
+
 /**
  * virCommandClearCaps:
  * @cmd: the command to modify

diff --git a/src/util/vircommand.h b/src/util/vircommand.h
index c1a2e246ff103c131414bda69f141357ccc1b1a4..a4022fa0f1d1963f8393b8a508f68c6fc7b01b61 100644 (file)
--- a/src/util/vircommand.h
+++ b/src/util/vircommand.h
@@ -1,7 +1,7 @@
 /*
  * vircommand.h: Child command execution
  *
- * Copyright (C) 2010-2011 Red Hat, Inc.
+ * Copyright (C) 2010-2013 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -61,6 +61,10 @@ void virCommandTransferFD(virCommandPtr cmd,
 void virCommandSetPidFile(virCommandPtr cmd,
                           const char *pidfile) ATTRIBUTE_NONNULL(2);
 
+void virCommandSetGID(virCommandPtr cmd, gid_t gid);
+
+void virCommandSetUID(virCommandPtr cmd, uid_t uid);
+
 void virCommandClearCaps(virCommandPtr cmd);
 
 void virCommandAllowCap(virCommandPtr cmd,