diff options
| author |   Lennart Poettering <lennart@poettering.net> | 2015-05-20 14:41:39 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-05-20 14:41:39 +0200 |
| commit | b4da6d6bec4d303f90d957b2cf7d4eed678b1791 (patch) | |
| tree | 2393242479acf166119906995bf407a4b7a3e39a | |
| parent | journald: handle more gracefully when bind() fails on audit sockets (diff) | |
| download | systemd-b4da6d6bec4d303f90d957b2cf7d4eed678b1791.tar.gz systemd-b4da6d6bec4d303f90d957b2cf7d4eed678b1791.tar.bz2 systemd-b4da6d6bec4d303f90d957b2cf7d4eed678b1791.zip | |
util: introduce reset_uid_gid() for resetting all uids and gids to 0
| -rw-r--r-- | src/shared/util.c | 25 | ||||
| -rw-r--r-- | src/shared/util.h | 2 |
2 files changed, 17 insertions, 10 deletions
diff --git a/src/shared/util.c b/src/shared/util.c index c3b08bbc4..5f5cfcb01 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -4686,16 +4686,7 @@ int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int root_fd) { return -errno; } - if (setresgid(0, 0, 0) < 0) - return -errno; - - if (setgroups(0, NULL) < 0) - return -errno; - - if (setresuid(0, 0, 0) < 0) - return -errno; - - return 0; + return reset_uid_gid(); } int getpeercred(int fd, struct ucred *ucred) { @@ -6247,3 +6238,17 @@ int mount_move_root(const char *path) { return 0; } + +int reset_uid_gid(void) { + + if (setgroups(0, NULL) < 0) + return -errno; + + if (setresgid(0, 0, 0) < 0) + return -errno; + + if (setresuid(0, 0, 0) < 0) + return -errno; + + return 0; +} diff --git a/src/shared/util.h b/src/shared/util.h index f0382f0d6..24a267284 100644 --- a/src/shared/util.h +++ b/src/shared/util.h @@ -908,3 +908,5 @@ char *shell_maybe_quote(const char *s); int parse_mode(const char *s, mode_t *ret); int mount_move_root(const char *path); + +int reset_uid_gid(void); |