[CRIU] [PATCH 2/4] security: add cr_fchown
Ruslan Kuprieiev
kupruser at gmail.com
Thu Jan 29 12:59:28 PST 2015
Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
---
include/security.h | 1 +
security.c | 13 +++++++++++++
2 files changed, 14 insertions(+)
diff --git a/include/security.h b/include/security.h
index 43bfb45..b21c8d9 100644
--- a/include/security.h
+++ b/include/security.h
@@ -8,5 +8,6 @@ extern int restrict_uid(unsigned int uid, unsigned int gid);
extern bool may_dump(struct proc_status_creds *);
extern bool may_restore(struct _CredsEntry *);
extern bool cr_user_is_root(void);
+extern int cr_fchown(int fd);
#endif /* __CR_SECURITY_H__ */
diff --git a/security.c b/security.c
index 5189846..693c575 100644
--- a/security.c
+++ b/security.c
@@ -169,3 +169,16 @@ bool may_restore(CredsEntry *creds)
check_groups(creds->groups, creds->n_groups) &&
check_caps(creds->cap_inh, creds->cap_eff, creds->cap_prm);
}
+
+int cr_fchown(int fd)
+{
+ if (cr_user_is_root())
+ return 0;
+
+ if (fchown(fd, cr_uid, cr_gid)) {
+ pr_perror("Can't chown to (%u,%u)", cr_uid, cr_gid);
+ return -1;
+ }
+
+ return 0;
+}
--
2.1.0
More information about the CRIU
mailing list