| commit | 2c42f1e80103cb926c0703d4c1ac1fb9c3e2c600 | |
| author | Ian Jackson <ian.jackson@eu.citrix.com> | |
| Fri, 15 Sep 2017 17:10:44 +0000 (15 18:10 +0100) | ||
| committer | Ian Jackson <Ian.Jackson@eu.citrix.com> | |
| Thu, 26 Apr 2018 15:29:51 +0000 (26 16:29 +0100) | ||
| tree | 7a70bba42c024c87a4fdc8a43c64c7bbcf462c41 | treesnapshot (tar.gz zip) |
| parent | f0a2171bf9f35b0430e18676a688b2c985f8917a | commitdiff |
os-posix: Provide new -runas <uid>:<gid> facility
This allows the caller to specify a uid and gid to use, even if there
is no corresponding password entry. This will be useful in certain
Xen configurations.
We don't support just -runas <uid> because: (i) deprivileging without
calling setgroups would be ineffective (ii) given only a uid we don't
know what gid we ought to use (since uids may eppear in multiple
passwd file entries with different gids).
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
CC: Daniel P. Berrange <berrange@redhat.com>
CC: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
This allows the caller to specify a uid and gid to use, even if there
is no corresponding password entry. This will be useful in certain
Xen configurations.
We don't support just -runas <uid> because: (i) deprivileging without
calling setgroups would be ineffective (ii) given only a uid we don't
know what gid we ought to use (since uids may eppear in multiple
passwd file entries with different gids).
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
CC: Daniel P. Berrange <berrange@redhat.com>
CC: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
| os-posix.c | diffblobblamehistory | |
| qemu-options.hx | diffblobblamehistory |