mirror of https://github.com/systemd/systemd-stable.git synced 2025-03-08 20:58:20 +03:00

core: intialize user aux groups and SupplementaryGroups= when DynamicUser= is set

Make sure that when DynamicUser= is set, we initialize the user's
supplementary groups and also support SupplementaryGroups=.

Fixes: https://github.com/systemd/systemd/issues/4539

Thanks Evgeny Vereshchagin (@evverx)
Djalal Harouni 2016-11-02 22:42:40 +01:00
parent b2c82a7f2f
commit cdc5d5c55e


@ -773,11 +773,9 @@ static int get_fixed_group(const ExecContext *c, const char **group, gid_t *gid)
return 0; return 0;
} }
static int get_fixed_supplementary_groups(const ExecContext *c, static int get_supplementary_groups(const ExecContext *c, const char *user,
const char *user, const char *group, gid_t gid,
const char *group, gid_t **supplementary_gids, int *ngids) {
gid_t gid,
gid_t **supplementary_gids, int *ngids) {
char **i; char **i;
int r, k = 0; int r, k = 0;
int ngroups_max; int ngroups_max;
@ -790,8 +788,8 @@ static int get_fixed_supplementary_groups(const ExecContext *c,
/* /*
* If user is given, then lookup GID and supplementary groups list. * If user is given, then lookup GID and supplementary groups list.
* We avoid NSS lookups for gid=0. Also we have to initialize groups * We avoid NSS lookups for gid=0. Also we have to initialize groups
* as early as possible so we keep the list of supplementary groups * here and as early as possible so we keep the list of supplementary
* of the caller. * groups of the caller.
*/ */
if (user && gid_is_valid(gid) && gid != 0) { if (user && gid_is_valid(gid) && gid != 0) {
/* First step, initialize groups from /etc/groups */ /* First step, initialize groups from /etc/groups */
@ -2347,13 +2345,14 @@ static int exec_child(
*exit_status = EXIT_GROUP; *exit_status = EXIT_GROUP;
return r; return r;
} }
}
r = get_fixed_supplementary_groups(context, username, groupname, /* Initialize user supplementary groups and get SupplementaryGroups= ones */
gid, &supplementary_gids, &ngids); r = get_supplementary_groups(context, username, groupname, gid,
if (r < 0) { &supplementary_gids, &ngids);
*exit_status = EXIT_GROUP; if (r < 0) {
return r; *exit_status = EXIT_GROUP;
} return r;
} }
r = send_user_lookup(unit, user_lookup_fd, uid, gid); r = send_user_lookup(unit, user_lookup_fd, uid, gid);
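Review bot: The renamed `get_supplementary_groups()` reads like a pure lookup, but its in-body comment says it initializes the process's groups "here", and the call in `exec_child()` now runs on the DynamicUser= path as well as the static one, so that credential-changing side effect deserves a header comment. I would add above the function something like `/* Initializes the calling process' supplementary groups for 'user' (skipped when user is unset or gid is 0) and returns the SupplementaryGroups= GIDs in *supplementary_gids and *ngids. */`. The same comment should say who frees `*supplementary_gids` and what the outputs hold when the guard `user && gid_is_valid(gid) && gid != 0` is false. In that case any groups inherited from the caller are presumably dropped by a later step that is not visible here, and that is worth confirming. Both function bodies continue outside the hunks shown.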