diff options
author | Jes Sorensen <Jes.Sorensen@redhat.com> | 2010-06-10 11:42:26 +0200 |
---|---|---|
committer | Blue Swirl <blauwirbel@gmail.com> | 2010-06-12 08:49:15 +0300 |
commit | 8847cfe8aa9d8f6b8648aafd5d929a57d836cc61 (patch) | |
tree | a2ddadf9e34568a4448cd3a7306e20c39ba964de /os-posix.c | |
parent | 59a5264b994343f01d19faf95c0e5df70346ded8 (diff) | |
download | qemu-8847cfe8aa9d8f6b8648aafd5d929a57d836cc61.tar.gz qemu-8847cfe8aa9d8f6b8648aafd5d929a57d836cc61.tar.bz2 qemu-8847cfe8aa9d8f6b8648aafd5d929a57d836cc61.zip |
Move runas handling from vl.c to OS specific files.
Move code to handle runas, ie. change of user id of QEMU process
to OS specific files and provide dummy stub for Win32.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Acked-by: Juan Quintela <quintela@redhat.com>
Acked-by: Richard Henderson <rth@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Diffstat (limited to 'os-posix.c')
-rw-r--r-- | os-posix.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/os-posix.c b/os-posix.c index 0deddf3e41..8b686a44e1 100644 --- a/os-posix.c +++ b/os-posix.c @@ -28,6 +28,7 @@ #include <signal.h> #include <sys/types.h> #include <sys/wait.h> +#include <pwd.h> #include <libgen.h> /* Needed early for CONFIG_BSD etc. */ @@ -36,6 +37,8 @@ #include "net/slirp.h" #include "qemu-options.h" +static struct passwd *user_pwd; + void os_setup_early_signal_handling(void) { struct sigaction act; @@ -146,6 +149,31 @@ void os_parse_cmd_args(int index, const char *optarg) exit(1); break; #endif + case QEMU_OPTION_runas: + user_pwd = getpwnam(optarg); + if (!user_pwd) { + fprintf(stderr, "User \"%s\" doesn't exist\n", optarg); + exit(1); + } + break; } return; } + +void os_change_process_uid(void) +{ + if (user_pwd) { + if (setgid(user_pwd->pw_gid) < 0) { + fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid); + exit(1); + } + if (setuid(user_pwd->pw_uid) < 0) { + fprintf(stderr, "Failed to setuid(%d)\n", user_pwd->pw_uid); + exit(1); + } + if (setuid(0) != -1) { + fprintf(stderr, "Dropping privileges failed\n"); + exit(1); + } + } +} |