[Pkg-libvirt-commits] [libvirt-sandbox] 02/03: Allow to switch to a specific user id

Guido Guenther agx at moszumanska.debian.org
Sun Apr 3 20:43:33 UTC 2016


This is an automated email from the git hooks/post-receive script.

agx pushed a commit to branch debian/sid
in repository libvirt-sandbox.

commit d1152c9a396c2dcb7b586f7559273b1538e97b27
Author: Guido Günther <agx at sigxcpu.org>
Date:   Wed Mar 23 08:46:11 2016 +0100

    Allow to switch to a specific user id
---
 .../Allow-to-switch-to-a-specific-user-id.patch    | 86 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 87 insertions(+)

diff --git a/debian/patches/Allow-to-switch-to-a-specific-user-id.patch b/debian/patches/Allow-to-switch-to-a-specific-user-id.patch
new file mode 100644
index 0000000..a6d79db
--- /dev/null
+++ b/debian/patches/Allow-to-switch-to-a-specific-user-id.patch
@@ -0,0 +1,86 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx at sigxcpu.org>
+Date: Tue, 22 Mar 2016 19:44:57 +0100
+Subject: Allow to switch to a specific user id
+
+Useful if you want to run programs as the same user than outside the
+sandbox.
+---
+ bin/virt-sandbox.c | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/bin/virt-sandbox.c b/bin/virt-sandbox.c
+index 4c400d5..9495e85 100644
+--- a/bin/virt-sandbox.c
++++ b/bin/virt-sandbox.c
+@@ -24,6 +24,8 @@
+ 
+ #include <libvirt-sandbox/libvirt-sandbox.h>
+ #include <glib/gi18n.h>
++#include <sys/types.h>
++#include <pwd.h>
+ 
+ static gboolean do_close(GVirSandboxConsole *con G_GNUC_UNUSED,
+                          gboolean error G_GNUC_UNUSED,
+@@ -92,6 +94,7 @@ int main(int argc, char **argv) {
+     gchar *kernver = NULL;
+     gchar *kernpath = NULL;
+     gchar *kmodpath = NULL;
++    gchar *switchto = NULL;
+     gboolean verbose = FALSE;
+     gboolean debug = FALSE;
+     gboolean shell = FALSE;
+@@ -126,6 +129,8 @@ int main(int argc, char **argv) {
+           N_("security properties"), "PATH", },
+         { "privileged", 'p', 0, G_OPTION_ARG_NONE, &privileged,
+           N_("run the command privileged"), NULL },
++        { "switchto", 'S', 0, G_OPTION_ARG_STRING, &switchto,
++          N_("swith to the given user"), "USER" },
+         { "shell", 'l', 0, G_OPTION_ARG_NONE, &shell,
+           N_("start a shell"), NULL, },
+         { "kernver", 0, 0, G_OPTION_ARG_STRING, &kernver,
+@@ -139,6 +144,7 @@ int main(int argc, char **argv) {
+         { NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL, NULL }
+     };
+     const char *help_msg = N_("Run 'virt-sandbox --help' to see a full list of available command line options");
++    struct passwd *pw;
+ 
+     setlocale(LC_ALL, "");
+     bindtextdomain(PACKAGE, LOCALEDIR);
+@@ -198,10 +204,25 @@ int main(int argc, char **argv) {
+     if (kmodpath)
+         gvir_sandbox_config_set_kmodpath(cfg, kmodpath);
+ 
++    if (privileged && switchto) {
++        g_printerr(_("'switchto' and 'privileged' are incompatible options\n"));
++        goto cleanup;
++    }
++
+     if (privileged) {
+         gvir_sandbox_config_set_userid(cfg, 0);
+         gvir_sandbox_config_set_groupid(cfg, 0);
+         gvir_sandbox_config_set_username(cfg, "root");
++    } else if (switchto) {
++        pw = getpwnam(switchto);
++        if (!pw) {
++            g_printerr(_("Failed to resolve user %s\n"), switchto);
++            goto cleanup;
++        }
++        gvir_sandbox_config_set_userid(cfg, pw->pw_uid);
++        gvir_sandbox_config_set_groupid(cfg, pw->pw_gid);
++        gvir_sandbox_config_set_username(cfg, pw->pw_name);
++        gvir_sandbox_config_set_homedir(cfg, pw->pw_dir);
+     }
+ 
+     if (envs &&
+@@ -541,6 +562,11 @@ to this path to locate the modules.
+ Retain root privileges inside the sandbox, rather than dropping privileges
+ to match the current user identity.
+ 
++=item B<-S USER>, B<--switchto=USER>
++
++Swith to the given user inside the sandbox and setup $HOME
++accordingly.
++
+ =item B<-l>, B<--shell>
+ 
+ Launch an interactive shell on a secondary console device
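Review bot: In the `@@ -198,10 +204,25 @@` hunk of bin/virt-sandbox.c, the `privileged && switchto` check only rejects the flag combination; `--switchto root` (or any name that getpwnam() maps to uid 0) still configures userid 0 and groupid 0, so the two options are not really exclusive. If running as root is meant to require `--privileged`, the `else if (switchto)` branch should reject `pw->pw_uid == 0` after the lookup with a message pointing at `--privileged`; otherwise the man page entry should say that USER may be root. getpwnam() also returns NULL both for an unknown name and for a lookup error, so set `errno = 0;` before the call and print `g_strerror(errno)` when it is non-zero, so that a failing NSS backend is not reported as a missing user. The option help string and the POD entry both spell "switch" as "swith". main() starts and ends outside the visible hunks, so whether the `cleanup` path returns a failing exit status for these two new error exits could not be checked from here.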
diff --git a/debian/patches/series b/debian/patches/series
index c505a12..e3544f3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 Silence-PyGIWarnings.patch
 tests-add-file-extension-for-host-mounts.patch
 sandbox-builder-Always-stop-in-case-of-failure-to-list-di.patch
+Allow-to-switch-to-a-specific-user-id.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libvirt-sandbox.git


