From ee177bb1ed81dd84463cf66a6009d4043de2d7e8 Mon Sep 17 00:00:00 2001 From: Adam Michalski Date: Fri, 29 Jul 2022 12:48:43 +0200 Subject: Create subsession and `apps_rw` directories with [subsession_uid]:system_share UID:GID Change-Id: Ib1f8d18d715ba6ff52c97cfe78c56d00ae2e9d37 --- sessiond/src/fs_helpers.cpp | 18 +++++++++++++++--- sessiond/src/fs_helpers.h | 1 + 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/sessiond/src/fs_helpers.cpp b/sessiond/src/fs_helpers.cpp index 8c68a20..614f3b1 100644 --- a/sessiond/src/fs_helpers.cpp +++ b/sessiond/src/fs_helpers.cpp @@ -135,14 +135,23 @@ int fs_helpers::get_gid_from_name(std::string_view group_name) std::unique_ptr str_grp_buf(new char[max_grp_buf_size]); group pass_grp_buf, *pass_grp_ptr; - getgrnam_r(main_dir_group.data(), &pass_grp_buf, str_grp_buf.get(), max_grp_buf_size, &pass_grp_ptr); + getgrnam_r(group_name.data(), &pass_grp_buf, str_grp_buf.get(), max_grp_buf_size, &pass_grp_ptr); if (!pass_grp_ptr) throw std::runtime_error("Couldn't get Unix gid for `"s - + main_dir_group.data() + + group_name.data() + "` group"); return pass_grp_ptr->gr_gid; } +void fs_helpers::change_owner_and_group(std::string_view path, const int session_uid, const int group_id) +{ + if (chown(path.data(), session_uid, group_id) == -1) + throw std::system_error(errno, std::system_category(), + "Couldn't set owner/group of the `"s + + path.data() + + "` file/directory"); +} + // Create `$HOME/subsession` directory if it doesn't exist void fs_helpers::create_main_subdirectory(const int session_uid, std::string_view main_dir) { @@ -200,6 +209,9 @@ void fs_helpers::add_user_subsession(const int session_uid, const std::string_vi fs::create_directory(tmp_subsession_dir); + int gid = get_gid_from_name(main_dir_group); + change_owner_and_group(tmp_subsession_dir, session_uid, gid); + std::string apps_rw_dir = tmp_subsession_dir + "/apps_rw"; fs::path apps_rw_path { apps_rw_dir }; std::string source_dir = "/etc/skel/apps_rw"; @@ -224,7 +236,7 @@ void fs_helpers::add_user_subsession(const int session_uid, const std::string_vi copy_smack_attributes(s_path, d_path); } // Last but not least - the `apps_rw` directory itself - copy_ownership(source_dir, apps_rw_dir); + change_owner_and_group(apps_rw_dir, session_uid, gid); copy_smack_attributes(source_dir, apps_rw_dir); // Copy + rename so that the replacement is atomic diff --git a/sessiond/src/fs_helpers.h b/sessiond/src/fs_helpers.h index d0772cb..8843a87 100644 --- a/sessiond/src/fs_helpers.h +++ b/sessiond/src/fs_helpers.h @@ -15,6 +15,7 @@ namespace fs_helpers fs::path get_subsession_dir_by_uid(const int session_uid); void create_main_subdirectory(const int session_uid, std::string_view main_dir); + void change_owner_and_group(std::string_view path, const int session_uid, const int group_id); void copy_ownership(std::string_view src_path, std::string_view dest_path); std::string get_smack_label(std::string_view src_path, smack_label_type type); void copy_smack_attributes(std::string_view src_path, std::string_view dest_path); -- cgit v1.2.3