| author | Lennart Poettering <lennart@poettering.net> | 2015-09-21 18:21:53 +0200 | 
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-09-21 18:21:53 +0200 | 
| commit | f1f679c5b680be14c1c83bc34d00ecf276927ba0 (patch) | |
| tree | 6d76fb54e5e74c958f81cb2a86528296ef08395d | |
| parent | 35bb18851a2b07d2b7ca65c6722012cdc3399a32 (diff) | |
| parent | 5bc7452b3219456e07f931e40da30bb94a884293 (diff) | |
Merge pull request #1320 from ronnychevalier/rc/core_fix_group_ownership
core: fix group ownership when Group is set
| -rw-r--r-- | src/core/execute.c | 20 | ||||
| -rw-r--r-- | src/test/test-execute.c | 8 | ||||
| -rw-r--r-- | test/exec-runtimedirectory-mode.service | 8 | ||||
| -rw-r--r-- | test/exec-runtimedirectory-owner.service | 9 | ||||
| -rw-r--r-- | test/exec-runtimedirectory.service | 7 | 
5 files changed, 43 insertions, 9 deletions
|
diff --git a/src/core/execute.c b/src/core/execute.c
index 3c308e3e3e..6e14848cd4 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -629,15 +629,6 @@ static int enforce_groups(const ExecContext *context, const char *username, gid_
          * we avoid NSS lookups for gid=0. */
         if (context->group || username) {
-
-                if (context->group) {
-                        const char *g = context->group;
-
-                        r = get_group_creds(&g, &gid);
-                        if (r < 0)
-                                return r;
-                }
-
                 /* First step, initialize groups from /etc/groups */
                 if (username && gid != 0) {
                         if (initgroups(username, gid) < 0)
@@ -1414,6 +1405,17 @@ static int exec_child(
                 }
         }
+        if (context->group) {
+                const char *g = context->group;
+
+                r = get_group_creds(&g, &gid);
+                if (r < 0) {
+                        *exit_status = EXIT_GROUP;
+                        return r;
+                }
+        }
+
+
         /* If a socket is connected to STDIN/STDOUT/STDERR, we
          * must sure to drop O_NONBLOCK */
         if (socket_fd >= 0)
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 0f4172e722..dd8ab7dcb8 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -137,6 +137,12 @@ static void test_exec_umask(Manager *m) {
         test(m, "exec-umask-0177.service", 0, CLD_EXITED);
 }
+static void test_exec_runtimedirectory(Manager *m) {
+        test(m, "exec-runtimedirectory.service", 0, CLD_EXITED);
+        test(m, "exec-runtimedirectory-mode.service", 0, CLD_EXITED);
+        test(m, "exec-runtimedirectory-owner.service", 0, CLD_EXITED);
+}
+
 int main(int argc, char *argv[]) {
         test_function_t tests[] = {
                 test_exec_workingdirectory,
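Review bot: In the exec_child hunk of src/core/execute.c the relocated Group= lookup carries no comment explaining why it has to run at this point, and enforce_groups() now silently depends on its caller having resolved `gid` already. Judging by the commit title and the new owner test, `gid` has to be final before it is used for directory ownership, otherwise a directory would end up with the user's default group instead of the configured one; the code that consumes `gid` is outside the hunk, so confirm the new position precedes all of it. I would add above the block `/* Resolve Group= up front: everything below that uses gid for ownership needs the final value, and enforce_groups() no longer looks it up. */`. The hunk also adds two consecutive blank lines after the closing brace; one is enough.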
@@ -150,6 +156,7 @@ int main(int argc, char *argv[]) {
                 test_exec_group,
                 test_exec_environment,
                 test_exec_umask,
+                test_exec_runtimedirectory,
                 NULL,
         };
         test_function_t *test = NULL;
@@ -165,6 +172,7 @@ int main(int argc, char *argv[]) {
                 return EXIT_TEST_SKIP;
         }
+        assert_se(setenv("XDG_RUNTIME_DIR", "/tmp/", 1) == 0);
         assert_se(set_unit_path(TEST_DIR) >= 0);
         r = manager_new(MANAGER_USER, true, &m);
diff --git a/test/exec-runtimedirectory-mode.service b/test/exec-runtimedirectory-mode.service
new file mode 100644
index 0000000000..ba6d7ee39f
--- /dev/null
+++ b/test/exec-runtimedirectory-mode.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Test for RuntimeDirectoryMode
+
+[Service]
+ExecStart=/bin/sh -c 's=$(stat -c %a /tmp/test-exec_runtimedirectory-mode); echo $s; exit $(test $s = "750")'
+Type=oneshot
+RuntimeDirectory=test-exec_runtimedirectory-mode
+RuntimeDirectoryMode=0750
diff --git a/test/exec-runtimedirectory-owner.service b/test/exec-runtimedirectory-owner.service
new file mode 100644
index 0000000000..077e08d1c5
--- /dev/null
+++ b/test/exec-runtimedirectory-owner.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set)
+
+[Service]
+ExecStart=/bin/sh -c 'f=/tmp/test-exec_runtimedirectory-owner;g=$(stat -c %G $f); echo "$g"; exit $(test $g = "nobody")'
+Type=oneshot
+Group=nobody
+User=root
+RuntimeDirectory=test-exec_runtimedirectory-owner
diff --git a/test/exec-runtimedirectory.service b/test/exec-runtimedirectory.service
new file mode 100644
index 0000000000..c12a6c63d6
--- /dev/null
+++ b/test/exec-runtimedirectory.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Test for RuntimeDirectory
+
+[Service]
+ExecStart=/bin/sh -c 'exit $(test -d /tmp/test-exec_runtimedirectory)'
+Type=oneshot
+RuntimeDirectory=test-exec_runtimedirectory
|
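Review bot: The added `setenv("XDG_RUNTIME_DIR", "/tmp/", 1)` in main() of src/test/test-execute.c makes the new units work on fixed, predictable names such as `/tmp/test-exec_runtimedirectory-owner` inside a world-writable directory. On a shared build host another local user can pre-create those names, so the tests can fail spuriously or end up operating on a path they did not create; how the directory-creation code treats a pre-existing entry is not visible in this diff. A private directory avoids this, for example `char d[] = "/tmp/test-execute.XXXXXX"; assert_se(mkdtemp(d)); assert_se(setenv("XDG_RUNTIME_DIR", d, 1) == 0);`, with the unit files referring to `%t/...` instead of a literal `/tmp/...`. The directory should be removed again at the end of main(), which continues outside the hunk.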
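Review bot: The ExecStart line in test/exec-runtimedirectory-mode.service reports its result through `exit $(test $s = "750")`, which works only because `exit` with an empty operand falls back to the status of the command substitution. `$s` is also unquoted, so an empty `stat` result changes what `test` parses. Ending the script with the test itself is clearer and gives the same exit status: `s=$(stat -c %a /tmp/test-exec_runtimedirectory-mode); echo "$s"; test "$s" = "750"`. The same idiom appears in exec-runtimedirectory-owner.service and exec-runtimedirectory.service.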
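Review bot: test/exec-runtimedirectory-owner.service hard-codes `Group=nobody` together with `User=root`, so the test depends on the host having a group with exactly that name and on the test manager being able to switch to it. Some distributions name the unprivileged group `nogroup` instead; there the group lookup added in exec_child would presumably fail with EXIT_GROUP, and the test would fail without ever exercising the ownership fix. A comment in the unit such as `# Requires root and an existing group named "nobody"`, or a skip in test_exec_runtimedirectory when the group cannot be resolved, would make that failure mode obvious.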
