diff options
author | David Gibson <david@gibson.dropbear.id.au> | 2022-09-12 22:24:00 +1000 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2022-09-13 05:31:51 +0200 |
commit | 10c63477476acdd5cbe6f3ac13dc637e80d0104b (patch) | |
tree | 82a8d9240f34d4d55cb7c23ba7717adb16f71eaf /test/tcp/pasta | |
parent | 7330ae3abfba9722c04e6c52ae6222de47016834 (diff) | |
download | passt-10c63477476acdd5cbe6f3ac13dc637e80d0104b.tar passt-10c63477476acdd5cbe6f3ac13dc637e80d0104b.tar.gz passt-10c63477476acdd5cbe6f3ac13dc637e80d0104b.tar.bz2 passt-10c63477476acdd5cbe6f3ac13dc637e80d0104b.tar.lz passt-10c63477476acdd5cbe6f3ac13dc637e80d0104b.tar.xz passt-10c63477476acdd5cbe6f3ac13dc637e80d0104b.tar.zst passt-10c63477476acdd5cbe6f3ac13dc637e80d0104b.zip |
Split checking for root from dropping root privilege
check_root() both checks to see if we are root (in the init namespace),
and if we are drops to an unprivileged user. To make future cleanups
simpler, split the checking for root (now in check_root()) from the actual
dropping of privilege (now in drop_root()).
Note that this does slightly alter semantics. Previously we would only
setuid() if we were originally root (in the init namespace). Now we will
always setuid() and setgid(), though it won't actually change anything if
we weren't privileged to begin with. This also means that we will now
always attempt to switch to the user specified with --runas, even if we
aren't (init namespace) root to begin with. Obviously this will fail with
an error if we weren't privileged to start with. --help and the man page
are updated accordingly.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'test/tcp/pasta')
0 files changed, 0 insertions, 0 deletions