chore: Use geteuid() instead of getuid() to check privilege

2025-03-25 18:50:44 +03:00 · 2024-12-18 23:48:41 +08:00 · 2024-12-18 23:48:41 +08:00 · a6e6936ded
commit a6e6936ded
parent d472e60e03
5 changed files with 13 additions and 4 deletions
--- a/src/libostree/ostree-bootloader-zipl.c
+++ b/src/libostree/ostree-bootloader-zipl.c
@ -432,7 +432,7 @@ _ostree_bootloader_zipl_post_bls_sync (OstreeBootloader *bootloader, int bootver
  // This can happen in a unit testing environment; at some point what we want to do here
  // is move all of the zipl logic to a systemd unit instead that's keyed of
  // ostree-finalize-staged.service.
-  if (getuid () != 0)
+  if (!ot_util_process_privileged ())
    return TRUE;

  // If we're in a booted deployment, we don't need to spawn a container.
--- a/src/libostree/ostree-repo-commit.c
+++ b/src/libostree/ostree-repo-commit.c
@ -1658,7 +1658,7 @@ ostree_repo_prepare_transaction (OstreeRepo *self, gboolean *out_transaction_res
  self->reserved_blocks = reserved_bytes / self->txn.blocksize;

  /* Use the appropriate free block count if we're unprivileged */
-  guint64 bfree = (getuid () != 0 ? stvfsbuf.f_bavail : stvfsbuf.f_bfree);
+  guint64 bfree = (ot_util_process_privileged () ? stvfsbuf.f_bfree : stvfsbuf.f_bavail);
  if (bfree > self->reserved_blocks)
    self->txn.max_blocks = bfree - self->reserved_blocks;
  else
--- a/src/libotutil/ot-unix-utils.c
+++ b/src/libotutil/ot-unix-utils.c
@ -102,3 +102,10 @@ ot_util_path_split_validate (const char *path, GPtrArray **out_components, GErro
  ot_transfer_out_value (out_components, &ret_components);
  return TRUE;
 }
+
+/* Check if current process is privileged */
+gboolean
+ot_util_process_privileged (void)
+{
+  return geteuid() == 0;
+}
--- a/src/libotutil/ot-unix-utils.h
+++ b/src/libotutil/ot-unix-utils.h
@ -39,4 +39,6 @@ gboolean ot_util_filename_validate (const char *name, GError **error);

 gboolean ot_util_path_split_validate (const char *path, GPtrArray **out_components, GError **error);

+gboolean ot_util_process_privileged (void);
+
 G_END_DECLS
--- a/src/ostree/ot-main.c
+++ b/src/ostree/ot-main.c
@ -116,7 +116,7 @@ maybe_setup_mount_namespace (gboolean *out_ns, GError **error)
  *out_ns = FALSE;

  /* If we're not root, then we almost certainly can't be remounting anything */
-  if (getuid () != 0)
+  if (!ot_util_process_privileged ())
    return TRUE;

  /* If the system isn't booted via libostree, also nothing to do */
@ -580,7 +580,7 @@ ostree_admin_sysroot_load (OstreeSysroot *sysroot, OstreeAdminBuiltinFlags flags
      /* Only require root if we're manipulating a booted sysroot. (Mostly
       * useful for the test suite)
       */
-      if (booted && getuid () != 0)
+      if (booted && !ot_util_process_privileged ())
        {
          g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
                       "You must be root to perform this command");