author | Jo-Philipp Wich <jow@openwrt.org> | 2015-05-05 11:08:24 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-05-05 11:08:24 +0200 |
commit | a6afa72f192f6efe8374d0f0c77fb2a545225a92 (patch) | |
tree | b35722d10ad39cc396c2adc1d5da8a68bb71de34 /unitd.h | |
parent | 312d0fc22d32171b5b2f6cf5272b11784888dfbe (diff) | |
download | unitd-a6afa72f192f6efe8374d0f0c77fb2a545225a92.tar unitd-a6afa72f192f6efe8374d0f0c77fb2a545225a92.zip |
instance: handle setgid() before setuid()

When attempting to run a service with an unprivileged user and group
id procd, the following error might occur:

    procd: failed to set uid:1000, gid:1000

This is due to the fact that procd first performs the setuid(), then
the setgid() call.

Usually there are no sufficient permissions after a setuid() anymore to
change the effective group id of the process.

Refactor the code to:

* Swap the invocations (first gid, then uid)
* Don't set user or group id if it is 0
* Handle errors independently and make them more verbose

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'unitd.h')
0 files changed, 0 insertions, 0 deletions