INSTANCE_ATTR_WATCH,
INSTANCE_ATTR_ERROR,
INSTANCE_ATTR_USER,
+ INSTANCE_ATTR_GROUP,
INSTANCE_ATTR_STDOUT,
INSTANCE_ATTR_STDERR,
INSTANCE_ATTR_NO_NEW_PRIVS,
[INSTANCE_ATTR_WATCH] = { "watch", BLOBMSG_TYPE_ARRAY },
[INSTANCE_ATTR_ERROR] = { "error", BLOBMSG_TYPE_ARRAY },
[INSTANCE_ATTR_USER] = { "user", BLOBMSG_TYPE_STRING },
+ [INSTANCE_ATTR_GROUP] = { "group", BLOBMSG_TYPE_STRING },
[INSTANCE_ATTR_STDOUT] = { "stdout", BLOBMSG_TYPE_BOOL },
[INSTANCE_ATTR_STDERR] = { "stderr", BLOBMSG_TYPE_BOOL },
[INSTANCE_ATTR_NO_NEW_PRIVS] = { "no_new_privs", BLOBMSG_TYPE_BOOL },
closefd(_stderr);
}
- if (in->user && in->gid && initgroups(in->user, in->gid)) {
+ if (in->user && in->pw_gid && initgroups(in->user, in->pw_gid)) {
ERROR("failed to initgroups() for user %s: %m\n", in->user);
exit(127);
}
- if (in->gid && setgid(in->gid)) {
- ERROR("failed to set group id %d: %m\n", in->gid);
+ if (in->gr_gid && setgid(in->gr_gid)) {
+ ERROR("failed to set group id %d: %m\n", in->gr_gid);
exit(127);
}
if (in->uid && setuid(in->uid)) {
if (string_changed(in->user, in_new->user))
return true;
+ if (string_changed(in->group, in_new->group))
+ return true;
+
if (in->uid != in_new->uid)
return true;
- if (in->gid != in_new->gid)
+ if (in->pw_gid != in_new->pw_gid)
return true;
if (string_changed(in->pidfile, in_new->pidfile))
if (p) {
in->user = strdup(user);
in->uid = p->pw_uid;
- in->gid = p->pw_gid;
+ in->gr_gid = in->pw_gid = p->pw_gid;
+ }
+ }
+
+ if (tb[INSTANCE_ATTR_GROUP]) {
+ const char *group = blobmsg_get_string(tb[INSTANCE_ATTR_GROUP]);
+ struct group *p = getgrnam(group);
+ if (p) {
+ in->group = strdup(group);
+ in->gr_gid = p->gr_gid;
}
}
instance_config_cleanup(in);
free(in->config);
free(in->user);
+ free(in->group);
free(in);
}
projects / oweals / procd.git / blobdiff