diff options
| author | Evgeny Vereshchagin <evvers@ya.ru> | 2016-09-28 04:50:30 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-09-28 04:50:30 +0300 |
| commit | cc238590e472e8bbba6da262ac985ea59ad52c72 (patch) | |
| tree | fc9754e546ccb3a6355bd4157bc590ab93478469 /src/basic/user-util.c | |
| parent | b8fafaf4a1cffd02389d61ed92ca7acb1b8c739c (diff) | |
| parent | cdfbd1fb26eb75fe6beca47dce7e5e348b077d97 (diff) | |
Merge pull request #4185 from endocode/djalal-sandbox-first-protection-v1
core:sandbox: Add new ProtectKernelTunables=, ProtectControlGroups=, ProtectSystem=strict and fixes
Diffstat (limited to 'src/basic/user-util.c')
| -rw-r--r-- | src/basic/user-util.c | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/src/basic/user-util.c b/src/basic/user-util.c index 122d9a0c7c..0522bce1d1 100644 --- a/src/basic/user-util.c +++ b/src/basic/user-util.c @@ -31,14 +31,15 @@ #include <unistd.h> #include <utmp.h> -#include "missing.h" #include "alloc-util.h" #include "fd-util.h" #include "formats-util.h" #include "macro.h" +#include "missing.h" #include "parse-util.h" #include "path-util.h" #include "string-util.h" +#include "strv.h" #include "user-util.h" #include "utf8.h" @@ -175,6 +176,35 @@ int get_user_creds( return 0; } +int get_user_creds_clean( + const char **username, + uid_t *uid, gid_t *gid, + const char **home, + const char **shell) { + + int r; + + /* Like get_user_creds(), but resets home/shell to NULL if they don't contain anything relevant. */ + + r = get_user_creds(username, uid, gid, home, shell); + if (r < 0) + return r; + + if (shell && + (isempty(*shell) || PATH_IN_SET(*shell, + "/bin/nologin", + "/sbin/nologin", + "/usr/bin/nologin", + "/usr/sbin/nologin"))) + *shell = NULL; + + if (home && + (isempty(*home) || path_equal(*home, "/"))) + *home = NULL; + + return 0; +} + int get_group_creds(const char **groupname, gid_t *gid) { struct group *g; gid_t id; |