[systemd-devel] [PATCH 03/12] test: add simple helper to drop privileges
Djalal Harouni
tixxdz at opendz.org
Fri Jun 20 09:49:57 PDT 2014
This is needed since we will add tests to fork() + drop privileges
Signed-off-by: Djalal Harouni <tixxdz at opendz.org>
---
test/kdbus-util.c | 29 +++++++++++++++++++++++++++++
test/kdbus-util.h | 1 +
2 files changed, 30 insertions(+)
diff --git a/test/kdbus-util.c b/test/kdbus-util.c
index b7dc057..965c95d 100644
--- a/test/kdbus-util.c
+++ b/test/kdbus-util.c
@@ -20,6 +20,7 @@
#include <errno.h>
#include <assert.h>
#include <poll.h>
+#include <grp.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
@@ -625,3 +626,31 @@ void add_match_empty(int fd)
if (ret < 0)
fprintf(stderr, "--- error adding conn match: %d (%m)\n", ret);
}
+
+int drop_privileges(uid_t uid, gid_t gid)
+{
+ int ret;
+
+ ret = setgroups(0, NULL);
+ if (ret < 0) {
+ ret = -errno;
+ fprintf(stderr, "error setgroups: %d (%m)\n", ret);
+ return ret;
+ }
+
+ ret = setresgid(gid, gid, gid);
+ if (ret < 0) {
+ ret = -errno;
+ fprintf(stderr, "error setresgid: %d (%m)\n", ret);
+ return ret;
+ }
+
+ ret = setresuid(uid, uid, uid);
+ if (ret < 0) {
+ ret = -errno;
+ fprintf(stderr, "error setresuid: %d (%m)\n", ret);
+ return ret;
+ }
+
+ return ret;
+}
diff --git a/test/kdbus-util.h b/test/kdbus-util.h
index 9771622..dd7d7b6 100644
--- a/test/kdbus-util.h
+++ b/test/kdbus-util.h
@@ -55,3 +55,4 @@ struct kdbus_item *make_policy_name(const char *name);
struct kdbus_item *make_policy_access(__u64 type, __u64 bits, __u64 id);
void add_match_empty(int fd);
+int drop_privileges(uid_t uid, gid_t gid);
--
1.9.0
More information about the systemd-devel
mailing list