commit bf6c0e150fb864c83e8796be0a3577071b1f51ae
parent 2bf8cce43cfb310570f99b79443d660b1f3fc299
Author: Joris Vink <joris@coders.se>
Date: Wed, 11 Jul 2018 06:53:51 +0200
Let kore_worker_privdrop() take user and chroot.
This will make it easier when the keymgr gets its own user/chroot settings.
Diffstat:
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/include/kore/kore.h b/include/kore/kore.h
@@ -519,10 +519,10 @@ void kore_signal_setup(void);
void kore_worker_wait(int);
void kore_worker_init(void);
void kore_worker_shutdown(void);
-void kore_worker_privdrop(void);
void kore_worker_dispatch_signal(int);
void kore_worker_spawn(u_int16_t, u_int16_t);
void kore_worker_entry(struct kore_worker *);
+void kore_worker_privdrop(const char *, const char *);
struct kore_worker *kore_worker_data(u_int8_t);
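Review bot: The new prototype `kore_worker_privdrop(const char *, const char *)` takes two unnamed arguments of the same type, so nothing at the declaration says which is the user and which is the chroot path. The neighbouring prototypes omit parameter names too, so a short comment such as `/* runas user, chroot path */` above it would document the order without breaking the header's style. The compiler cannot catch swapped arguments here, so a mistake on this privilege-drop call would only surface at runtime.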
diff --git a/src/keymgr.c b/src/keymgr.c
@@ -79,7 +79,7 @@ kore_keymgr_run(void)
kore_module_cleanup();
kore_domain_callback(keymgr_load_privatekey);
- kore_worker_privdrop();
+ kore_worker_privdrop(runas_user, chroot_path);
net_init();
kore_connection_init();
diff --git a/src/worker.c b/src/worker.c
@@ -219,7 +219,7 @@ kore_worker_dispatch_signal(int sig)
}
void
-kore_worker_privdrop(void)
+kore_worker_privdrop(const char *runas, const char *root)
{
rlim_t fd;
struct rlimit rl;
@@ -227,17 +227,17 @@ kore_worker_privdrop(void)
/* Must happen before chroot. */
if (skip_runas == 0) {
- pw = getpwnam(runas_user);
+ pw = getpwnam(runas);
if (pw == NULL) {
- fatal("cannot getpwnam(\"%s\") runas user: %s",
- runas_user, errno_s);
+ fatal("cannot getpwnam(\"%s\") for user: %s",
+ runas, errno_s);
}
}
if (skip_chroot == 0) {
- if (chroot(chroot_path) == -1) {
+ if (chroot(root) == -1) {
fatal("cannot chroot(\"%s\"): %s",
- chroot_path, errno_s);
+ root, errno_s);
}
if (chdir("/") == -1)
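Review bot: `runas` and `root` are passed straight to `getpwnam(runas)` and `chroot(root)` with no NULL check, and as parameters they can no longer rely on whatever validation the `runas_user`/`chroot_path` globals receive elsewhere (not visible in this diff). If a future keymgr-specific setting is left unset, a NULL would reach libc and the `%s` in `fatal()`. A guard such as `if (runas == NULL) fatal("no runas user given");` inside the `skip_runas == 0` branch, and the same for `root`, would make that failure explicit. Separately, `skip_runas` and `skip_chroot` are still read as globals, so a caller supplying its own user and chroot inherits the worker-wide skip decision; a comment on the function should state that. The function body begins before and continues past this hunk.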
@@ -309,7 +309,7 @@ kore_worker_entry(struct kore_worker *kw)
}
#endif
- kore_worker_privdrop();
+ kore_worker_privdrop(runas_user, chroot_path);
net_init();
#if !defined(KORE_NO_HTTP)