3
Subject: os-posix: set groups properly for -runas
4
Date: Fri, 08 Jul 2011 23:22:07 -0000
5
From: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
6
Message-Id: <1310203327-27069-1-git-send-email-stefanha@linux.vnet.ibm.com>
7
To: <qemu-devel@nongnu.org>
8
Cc: Bug 807893 <807893@bugs.launchpad.net>,
9
Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
11
Andrew Griffiths reports that -runas does not set supplementary group
12
IDs. This means that gid 0 (root) is not dropped when switching to an
15
Add an initgroups(3) call to use the -runas user's /etc/groups
16
membership to update the supplementary group IDs.
18
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
19
Acked-by: Chris Wright <chrisw@sous-sol.org>
22
Note this needs compile testing on various POSIX host platforms. Tested on
23
Linux. Should work on BSD and Solaris. initgroups(3) is SVr4/BSD but not in
27
1 file changed, 6 insertions(+)
29
Index: qemu-kvm-0.14.0+noroms/os-posix.c
30
===================================================================
31
--- qemu-kvm-0.14.0+noroms.orig/os-posix.c 2011-02-22 07:34:38.000000000 -0600
32
+++ qemu-kvm-0.14.0+noroms/os-posix.c 2011-07-26 08:02:42.000000000 -0500
34
/*needed for MAP_POPULATE before including qemu-options.h */
40
/* Needed early for CONFIG_BSD etc. */
42
fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid);
45
+ if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) {
46
+ fprintf(stderr, "Failed to initgroups(\"%s\", %d)\n",
47
+ user_pwd->pw_name, user_pwd->pw_gid);
50
if (setuid(user_pwd->pw_uid) < 0) {
51
fprintf(stderr, "Failed to setuid(%d)\n", user_pwd->pw_uid);