From a951e0b9efcbb64ca8b1d7c62c6c27a4498d21d6 Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Wed, 18 May 2022 19:10:45 +0200 Subject: conf: Add --runas option, changing to given UID and GID if started as root On some systems, user and group "nobody" might not be available. The new --runas option allows to override the default "nobody" choice if started as root. Now that we allow this, drop the initgroups() call that was used to add any additional groups for the given user, as that might now grant unnecessarily broad permissions. For instance, several distributions have a "kvm" group to allow regular user access to /dev/kvm, and we don't need that in passt or pasta. Signed-off-by: Stefano Brivio --- util.h | 1 + 1 file changed, 1 insertion(+) (limited to 'util.h') diff --git a/util.h b/util.h index 6f2c702..ae4cc54 100644 --- a/util.h +++ b/util.h @@ -240,6 +240,7 @@ char *line_read(char *buf, size_t len, int fd); void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns, uint8_t *map, uint8_t *exclude); void drop_caps(void); +void check_root(struct ctx *c); int ns_enter(const struct ctx *c); void write_pidfile(int fd, pid_t pid); int __daemon(int pidfile_fd, int devnull_fd); -- cgit v1.2.3
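Review bot: the added declaration `void check_root(struct ctx *c);` in the util.h hunk returns void and carries no comment, so a caller cannot tell from the header whether switching to the --runas UID and GID succeeded or what happens if it fails. Its neighbour `int ns_enter(const struct ctx *c);` returns a status. Either return int here, or add a one-line comment on the prototype saying that the function does not return on failure. The name also reads as a pure check, while the commit subject says it changes UID and GID when started as root, and the parameter is non-const, which suggests it writes to the context; the comment should say which fields it sets. The commit message says the initgroups() call is dropped. The definition is not part of this util.h-only view, so it is worth confirming there that the supplementary groups inherited from root are cleared explicitly before the GID and UID change, and that the result of each call is checked.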