countme: Refuse to run as root

We do not need root privileges and should only be started via the system
service unit, so avoid mistakes by verifying this on startup.
Timothée Ravier 2021-03-16 16:55:49 +01:00 committed by Colin Walters
parent 3929e38ac0
commit d7851563f1


@ -4,6 +4,7 @@
use anyhow::{bail, Context, Result};
use curl::easy::Easy;
use nix::unistd::geteuid;
use os_release::OsRelease;
use std::path;
@ -35,11 +36,16 @@ fn send_countme(url: &str, ua: &str) -> Result<()> {
/// Main entrypoint for countme
pub fn entrypoint() -> Result<()> {
// Silently skip if we are not run on an ostree booted system
// Skip if we are not run on an ostree booted system
if !path::Path::new("/run/ostree-booted").exists() {
bail!("Not running on an ostree based system");
}
// Skip if we are not running with an unprivileged user
if geteuid().is_root() {
bail!("Must run under an unprivileged user");
}
// Load repo configs and keep only those enabled, with a metalink and countme=1
let repos: Vec<_> = self::repo::all()?
.into_iter()
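Review bot: The new guard `if geteuid().is_root()` rejects only an effective UID of 0, so it catches an accidental run as root but does not by itself show that the process is running as the service account the commit message has in mind; that confinement still has to come from the unit file, which is not visible here. The comment above it says "Skip" although `bail!` returns an error to the caller, and the same holds for the reworded ostree comment; I would write `// Refuse to run as root: countme needs no privileges and should be started from its service unit`. The doc comment on `entrypoint` could also gain an `# Errors` section naming both refusals. The body of `entrypoint` continues past the end of the hunk.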