From 5c94603d4c011d35026251994d77a0bf2e56c593 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 1 Jul 2011 23:53:14 +0200 Subject: [PATCH] nspawn: better use setresuid() instead of setreuid() --- TODO | 2 ++ src/nspawn.c | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/TODO b/TODO index 5901a90c..92c90eec 100644 --- a/TODO +++ b/TODO @@ -77,6 +77,8 @@ Features: controllers together in order to guarantee atomic creation/addition of cgroups +* don't enter "exited" mode for sysv services with pid file + * avoid DefaultStandardOutput=syslog to have any effect on StandardInput=socket services * cgroup_notify_empty(): recursively check groups up the tree, too diff --git a/src/nspawn.c b/src/nspawn.c index bead9eea..50d7c2e2 100644 --- a/src/nspawn.c +++ b/src/nspawn.c @@ -797,12 +797,12 @@ int main(int argc, char *argv[]) { goto child_fail; } - if (setregid(gid, gid) < 0) { + if (setresgid(gid, gid, gid) < 0) { log_error("setregid() failed: %m"); goto child_fail; } - if (setreuid(uid, uid) < 0) { + if (setresuid(uid, uid, uid) < 0) { log_error("setreuid() failed: %m"); goto child_fail; } @@ -811,7 +811,7 @@ int main(int argc, char *argv[]) { if ((asprintf((char**)(envp + 2), "HOME=%s", home? home: "/root") < 0) || (asprintf((char**)(envp + 3), "USER=%s", arg_user? arg_user : "root") < 0) || (asprintf((char**)(envp + 4), "LOGNAME=%s", arg_user? arg_user : "root") < 0)) { - log_error("environment setup failed: %m"); + log_error("Out of memory"); goto child_fail; } @@ -821,7 +821,7 @@ int main(int argc, char *argv[]) { if (argc > optind) execvpe(argv[optind], argv + optind, (char**) envp); else { - chdir(home? home : "/root"); + chdir(home ? home : "/root"); execle("/bin/bash", "-bash", NULL, (char**) envp); } -- 2.39.5