summaryrefslogtreecommitdiff
path: root/os-posix.c
diff options
context:
space:
mode:
authorJes Sorensen <Jes.Sorensen@redhat.com>2010-06-10 11:42:26 +0200
committerBlue Swirl <blauwirbel@gmail.com>2010-06-12 08:49:15 +0300
commit8847cfe8aa9d8f6b8648aafd5d929a57d836cc61 (patch)
treea2ddadf9e34568a4448cd3a7306e20c39ba964de /os-posix.c
parent59a5264b994343f01d19faf95c0e5df70346ded8 (diff)
downloadqemu-8847cfe8aa9d8f6b8648aafd5d929a57d836cc61.tar.gz
qemu-8847cfe8aa9d8f6b8648aafd5d929a57d836cc61.tar.bz2
qemu-8847cfe8aa9d8f6b8648aafd5d929a57d836cc61.zip
Move runas handling from vl.c to OS specific files.
Move code to handle runas, ie. change of user id of QEMU process to OS specific files and provide dummy stub for Win32. Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com> Acked-by: Juan Quintela <quintela@redhat.com> Acked-by: Richard Henderson <rth@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Diffstat (limited to 'os-posix.c')
-rw-r--r--os-posix.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/os-posix.c b/os-posix.c
index 0deddf3e41..8b686a44e1 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -28,6 +28,7 @@
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
+#include <pwd.h>
#include <libgen.h>
/* Needed early for CONFIG_BSD etc. */
@@ -36,6 +37,8 @@
#include "net/slirp.h"
#include "qemu-options.h"
+static struct passwd *user_pwd;
+
void os_setup_early_signal_handling(void)
{
struct sigaction act;
@@ -146,6 +149,31 @@ void os_parse_cmd_args(int index, const char *optarg)
exit(1);
break;
#endif
+ case QEMU_OPTION_runas:
+ user_pwd = getpwnam(optarg);
+ if (!user_pwd) {
+ fprintf(stderr, "User \"%s\" doesn't exist\n", optarg);
+ exit(1);
+ }
+ break;
}
return;
}
+
+void os_change_process_uid(void)
+{
+ if (user_pwd) {
+ if (setgid(user_pwd->pw_gid) < 0) {
+ fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid);
+ exit(1);
+ }
+ if (setuid(user_pwd->pw_uid) < 0) {
+ fprintf(stderr, "Failed to setuid(%d)\n", user_pwd->pw_uid);
+ exit(1);
+ }
+ if (setuid(0) != -1) {
+ fprintf(stderr, "Dropping privileges failed\n");
+ exit(1);
+ }
+ }
+}