utils: add uid, gid, group convenience wrappers

This commit adds lxc_switch_uid_gid() which allows to switch the uid and gid of a process via setuid() and setgid() and lxc_setgroups() which allows to set groups via setgroups(). The main advantage is that they nicely log the switches they perform. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: add uid, gid, group convenience wrappers
dbaf55a3 · Christian Brauner · 4484e6f8 · dbaf55a3 · dbaf55a3
Unverified Commit dbaf55a3 authored Jan 02, 2017 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 0 deletions

utils.c src/lxc/utils.c +30 -0

utils.h src/lxc/utils.h +4 -0

No files found.
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -26,6 +26,7 @@
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <grp.h>
 #include <libgen.h>
 #include <stddef.h>
 #include <stdio.h>
@@ -2053,3 +2054,32 @@ int lxc_safe_long(const char *numstr, long int *converted)
 	*converted = sli;
 	return 0;
 }
+int lxc_switch_uid_gid(uid_t uid, gid_t gid)
+{
+	if (setgid(gid) < 0) {
+		SYSERROR("Failed to switch to gid %d.", gid);
+		return -errno;
+	}
+	NOTICE("Switched to gid %d.", gid);
+	if (setuid(uid) < 0) {
+		SYSERROR("Failed to switch to uid %d.", uid);
+		return -errno;
+	}
+	NOTICE("Switched to uid %d.", uid);
+	return 0;
+}
+/* Simple covenience function which enables uniform logging. */
+int lxc_setgroups(int size, gid_t list[])
+{
+	if (setgroups(size, list) < 0) {
+		SYSERROR("Failed to setgroups().");
+		return -errno;
+	}
+	NOTICE("Dropped additional groups.");
+	return 0;
+}
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -327,4 +327,8 @@ int lxc_safe_uint(const char *numstr, unsigned int *converted);
 int lxc_safe_int(const char *numstr, int *converted);
 int lxc_safe_long(const char *numstr, long int *converted);
+/* Switch to a new uid and gid. */
+int lxc_switch_uid_gid(uid_t uid, gid_t gid);
+int lxc_setgroups(int size, gid_t list[]);
 #endif /* __LXC_UTILS_H */