summaryrefslogtreecommitdiff
path: root/src/compat-libs
diff options
context:
space:
mode:
authorDavid Herrmann <dh.herrmann@gmail.com>2015-09-23 00:51:20 +0200
committerDavid Herrmann <dh.herrmann@gmail.com>2015-09-23 00:51:20 +0200
commit2d7c6aa20cef0128e7a90c4da3d3519ed5c6b0f3 (patch)
tree180deba3d9fa1352fb7b6a56ff8c677c7b23c88e /src/compat-libs
parent3c0fffb74ef7ea572182d9637847e950e9a3a922 (diff)
core: make setup_pam() synchronous
If we spawn a unit with a non-empty 'PAMName=', we fork off a child-process _inside_ the unit, known as '(sd-pam)', which watches the session. It waits for the main-process to exit and then finishes it via pam_close_session(3). However, the '(sd-pam)' setup is highly asynchronous. There is no guarantee that process gets spawned before we finish the unit setup. Therefore, there might be a root-owned process inside of the cgroup of the unit, thus causing cg_migrate() to error-out with EPERM. This patch makes setup_pam() synchronous and waits for the '(sd-pam)' setup to finish before continuing. This guarantees that setresuid(2) was at least tried before we continue with the child setup of the real unit. Note that if setresuid(2) fails, we already warn loudly about it. You really must make sure that you own the passed user if using 'PAMName='. It seems very plausible to rely on that assumption.
Diffstat (limited to 'src/compat-libs')
0 files changed, 0 insertions, 0 deletions