diff options
author | Lennart Poettering <lennart@poettering.net> | 2010-03-31 16:25:33 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2010-03-31 16:25:33 +0200 |
commit | 693ced48727b3e40defd95147148a361acd7dcce (patch) | |
tree | 31441eec117bf46a48aa04dbcfe615e8636ad0d0 /execute.c | |
parent | 5021be21bfc2a3a23a09d60d98e2dcdd1cf504fe (diff) |
execute: try to suppress PR_SET_SECUREBITS if unnecessary
Diffstat (limited to 'execute.c')
-rw-r--r-- | execute.c | 23 |
1 files changed, 16 insertions, 7 deletions
@@ -461,9 +461,13 @@ static int enforce_user(const ExecContext *context, uid_t uid) { /* First step: If we need to keep capabilities but * drop privileges we need to make sure we keep our * caps, whiel we drop priviliges. */ - if (uid != 0) - if (prctl(PR_SET_SECUREBITS, context->secure_bits|SECURE_KEEP_CAPS) < 0) - return -errno; + if (uid != 0) { + int sb = context->secure_bits|SECURE_KEEP_CAPS; + + if (prctl(PR_GET_SECUREBITS) != sb) + if (prctl(PR_SET_SECUREBITS, sb) < 0) + return -errno; + } /* Second step: set the capabilites. This will reduce * the capabilities to the minimum we need. */ @@ -671,10 +675,15 @@ int exec_spawn(const ExecCommand *command, goto fail; } - if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) { - r = EXIT_SECUREBITS; - goto fail; - } + /* PR_GET_SECUREBITS is not priviliged, while + * PR_SET_SECUREBITS is. So to suppress + * potential EPERMs we'll try not to call + * PR_SET_SECUREBITS unless necessary. */ + if (prctl(PR_GET_SECUREBITS) != context->secure_bits) + if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) { + r = EXIT_SECUREBITS; + goto fail; + } if (context->capabilities) if (cap_set_proc(context->capabilities) < 0) { |