author | Lennart Poettering <lennart@poettering.net> | 2011-07-01 23:53:14 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2011-07-01 23:53:14 +0200 |
commit | 5c94603d4c011d35026251994d77a0bf2e56c593 (patch) | |
tree | 476e0114923d253287dfd1acc30440ee0c21059a | |
parent | 687d0825a4636b1841dc0c01fbcbf3160dddab74 (diff) |
nspawn: better use setresuid() instead of setreuid()
-rw-r--r-- | TODO | 2 | ||||
-rw-r--r-- | src/nspawn.c | 8 |
2 files changed, 6 insertions, 4 deletions
@@ -77,6 +77,8 @@ Features: controllers together in order to guarantee atomic creation/addition of cgroups +* don't enter "exited" mode for sysv services with pid file + * avoid DefaultStandardOutput=syslog to have any effect on StandardInput=socket services * cgroup_notify_empty(): recursively check groups up the tree, too diff --git a/src/nspawn.c b/src/nspawn.c index bead9eea2b..50d7c2e289 100644 --- a/src/nspawn.c +++ b/src/nspawn.c @@ -797,12 +797,12 @@ int main(int argc, char *argv[]) { goto child_fail; } - if (setregid(gid, gid) < 0) { + if (setresgid(gid, gid, gid) < 0) { log_error("setregid() failed: %m"); goto child_fail; } - if (setreuid(uid, uid) < 0) { + if (setresuid(uid, uid, uid) < 0) { log_error("setreuid() failed: %m"); goto child_fail; } @@ -811,7 +811,7 @@ int main(int argc, char *argv[]) { if ((asprintf((char**)(envp + 2), "HOME=%s", home? home: "/root") < 0) || (asprintf((char**)(envp + 3), "USER=%s", arg_user? arg_user : "root") < 0) || (asprintf((char**)(envp + 4), "LOGNAME=%s", arg_user? arg_user : "root") < 0)) { - log_error("environment setup failed: %m"); + log_error("Out of memory"); goto child_fail; } @@ -821,7 +821,7 @@ int main(int argc, char *argv[]) { if (argc > optind) execvpe(argv[optind], argv + optind, (char**) envp); else { - chdir(home? home : "/root"); + chdir(home ? home : "/root"); execle("/bin/bash", "-bash", NULL, (char**) envp); } |
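Review bot: The two error strings in the credential-drop hunk of src/nspawn.c (`@@ -797,12 +797,12 @@`) still name the old calls. After the switch to `setresgid()`/`setresuid()`, a failure is logged as "setregid() failed" or "setreuid() failed", which points anyone triaging a failed privilege drop at the wrong syscall. I would change them to `log_error("setresgid() failed: %m");` and `log_error("setresuid() failed: %m");`. The group-then-user order is the right one for dropping privileges. Whether supplementary groups are cleared before this point is not visible, because main() begins and ends outside the hunk, so that is worth confirming in the surrounding code.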