os-posix.c

   1 /*
   2  * os-posix.c
   3  *
   4  * Copyright (c) 2003-2008 Fabrice Bellard
   5  * Copyright (c) 2010 Red Hat, Inc.
   6  *
   7  * Permission is hereby granted, free of charge, to any person obtaining a copy
   8  * of this software and associated documentation files (the "Software"), to deal
   9  * in the Software without restriction, including without limitation the rights
  10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  11  * copies of the Software, and to permit persons to whom the Software is
  12  * furnished to do so, subject to the following conditions:
  13  *
  14  * The above copyright notice and this permission notice shall be included in
  15  * all copies or substantial portions of the Software.
  16  *
  17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
  20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  23  * THE SOFTWARE.
  24  */
  25
  26 #include "qemu/osdep.h"
  27 #include <sys/resource.h>
  28 #include <sys/wait.h>
  29 #include <pwd.h>
  30 #include <grp.h>
  31 #include <libgen.h>
  32
  33 #include "qemu/error-report.h"
  34 #include "qemu/log.h"
  35 #include "sysemu/runstate.h"
  36 #include "qemu/cutils.h"
  37
  38 #ifdef CONFIG_LINUX
  39 #include <sys/prctl.h>
  40 #endif
  41
  42
  43 void os_setup_early_signal_handling(void)
  44 {
  45     struct sigaction act;
  46     sigfillset(&act.sa_mask);
  47     act.sa_flags = 0;
  48     act.sa_handler = SIG_IGN;
  49     sigaction(SIGPIPE, &act, NULL);
  50 }
  51
  52 static void termsig_handler(int signal, siginfo_t *info, void *c)
  53 {
  54     qemu_system_killed(info->si_signo, info->si_pid);
  55 }
  56
  57 void os_setup_signal_handling(void)
  58 {
  59     struct sigaction act;
  60
  61     memset(&act, 0, sizeof(act));
  62     act.sa_sigaction = termsig_handler;
  63     act.sa_flags = SA_SIGINFO;
  64     sigaction(SIGINT,  &act, NULL);
  65     sigaction(SIGHUP,  &act, NULL);
  66     sigaction(SIGTERM, &act, NULL);
  67 }
  68
  69 void os_set_proc_name(const char *s)
  70 {
  71 #if defined(PR_SET_NAME)
  72     char name[16];
  73     if (!s)
  74         return;
  75     pstrcpy(name, sizeof(name), s);
  76     /* Could rewrite argv[0] too, but that's a bit more complicated.
  77        This simple way is enough for `top'. */
  78     if (prctl(PR_SET_NAME, name)) {
  79         error_report("unable to change process name: %s", strerror(errno));
  80         exit(1);
  81     }
  82 #else
  83     error_report("Change of process name not supported by your OS");
  84     exit(1);
  85 #endif
  86 }
  87
  88
  89 /*
  90  * Must set all three of these at once.
  91  * Legal combinations are              unset   by name   by uid
  92  */
  93 static struct passwd *user_pwd;    /*   NULL   non-NULL   NULL   */
  94 static uid_t user_uid = (uid_t)-1; /*   -1      -1        >=0    */
  95 static gid_t user_gid = (gid_t)-1; /*   -1      -1        >=0    */
  96
  97 /*
  98  * Prepare to change user ID. user_id can be one of 3 forms:
  99  *   - a username, in which case user ID will be changed to its uid,
 100  *     with primary and supplementary groups set up too;
 101  *   - a numeric uid, in which case only the uid will be set;
 102  *   - a pair of numeric uid:gid.
 103  */
 104 bool os_set_runas(const char *user_id)
 105 {
 106     unsigned long lv;
 107     const char *ep;
 108     uid_t got_uid;
 109     gid_t got_gid;
 110     int rc;
 111
 112     user_pwd = getpwnam(user_id);
 113     if (user_pwd) {
 114         user_uid = -1;
 115         user_gid = -1;
 116         return true;
 117     }
 118
 119     rc = qemu_strtoul(user_id, &ep, 0, &lv);
 120     got_uid = lv; /* overflow here is ID in C99 */
 121     if (rc || *ep != ':' || got_uid != lv || got_uid == (uid_t)-1) {
 122         return false;
 123     }
 124
 125     rc = qemu_strtoul(ep + 1, 0, 0, &lv);
 126     got_gid = lv; /* overflow here is ID in C99 */
 127     if (rc || got_gid != lv || got_gid == (gid_t)-1) {
 128         return false;
 129     }
 130
 131     user_pwd = NULL;
 132     user_uid = got_uid;
 133     user_gid = got_gid;
 134     return true;
 135 }
 136
 137 static void change_process_uid(void)
 138 {
 139     assert((user_uid == (uid_t)-1) || user_pwd == NULL);
 140     assert((user_uid == (uid_t)-1) ==
 141            (user_gid == (gid_t)-1));
 142
 143     if (user_pwd || user_uid != (uid_t)-1) {
 144         gid_t intended_gid = user_pwd ? user_pwd->pw_gid : user_gid;
 145         uid_t intended_uid = user_pwd ? user_pwd->pw_uid : user_uid;
 146         if (setgid(intended_gid) < 0) {
 147             error_report("Failed to setgid(%d)", intended_gid);
 148             exit(1);
 149         }
 150         if (user_pwd) {
 151             if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) {
 152                 error_report("Failed to initgroups(\"%s\", %d)",
 153                         user_pwd->pw_name, user_pwd->pw_gid);
 154                 exit(1);
 155             }
 156         } else {
 157             if (setgroups(1, &user_gid) < 0) {
 158                 error_report("Failed to setgroups(1, [%d])",
 159                         user_gid);
 160                 exit(1);
 161             }
 162         }
 163         if (setuid(intended_uid) < 0) {
 164             error_report("Failed to setuid(%d)", intended_uid);
 165             exit(1);
 166         }
 167         if (setuid(0) != -1) {
 168             error_report("Dropping privileges failed");
 169             exit(1);
 170         }
 171     }
 172 }
 173
 174
 175 static const char *chroot_dir;
 176
 177 void os_set_chroot(const char *path)
 178 {
 179     chroot_dir = path;
 180 }
 181
 182 static void change_root(void)
 183 {
 184     if (chroot_dir) {
 185         if (chroot(chroot_dir) < 0) {
 186             error_report("chroot failed");
 187             exit(1);
 188         }
 189         if (chdir("/")) {
 190             error_report("not able to chdir to /: %s", strerror(errno));
 191             exit(1);
 192         }
 193     }
 194
 195 }
 196
 197
 198 static int daemonize;
 199 static int daemon_pipe;
 200
 201 bool is_daemonized(void)
 202 {
 203     return daemonize;
 204 }
 205
 206 int os_set_daemonize(bool d)
 207 {
 208     daemonize = d;
 209     return 0;
 210 }
 211
 212 void os_daemonize(void)
 213 {
 214     if (daemonize) {
 215         pid_t pid;
 216         int fds[2];
 217
 218         if (!g_unix_open_pipe(fds, FD_CLOEXEC, NULL)) {
 219             exit(1);
 220         }
 221
 222         pid = fork();
 223         if (pid > 0) {
 224             uint8_t status;
 225             ssize_t len;
 226
 227             close(fds[1]);
 228
 229             do {
 230                 len = read(fds[0], &status, 1);
 231             } while (len < 0 && errno == EINTR);
 232
 233             /* only exit successfully if our child actually wrote
 234              * a one-byte zero to our pipe, upon successful init */
 235             exit(len == 1 && status == 0 ? 0 : 1);
 236
 237         } else if (pid < 0) {
 238             exit(1);
 239         }
 240
 241         close(fds[0]);
 242         daemon_pipe = fds[1];
 243
 244         setsid();
 245
 246         pid = fork();
 247         if (pid > 0) {
 248             exit(0);
 249         } else if (pid < 0) {
 250             exit(1);
 251         }
 252         umask(027);
 253
 254         signal(SIGTSTP, SIG_IGN);
 255         signal(SIGTTOU, SIG_IGN);
 256         signal(SIGTTIN, SIG_IGN);
 257     }
 258 }
 259
 260 void os_setup_limits(void)
 261 {
 262     struct rlimit nofile;
 263
 264     if (getrlimit(RLIMIT_NOFILE, &nofile) < 0) {
 265         warn_report("unable to query NOFILE limit: %s", strerror(errno));
 266         return;
 267     }
 268
 269     if (nofile.rlim_cur == nofile.rlim_max) {
 270         return;
 271     }
 272
 273     nofile.rlim_cur = nofile.rlim_max;
 274
 275     if (setrlimit(RLIMIT_NOFILE, &nofile) < 0) {
 276         warn_report("unable to set NOFILE limit: %s", strerror(errno));
 277         return;
 278     }
 279 }
 280
 281 void os_setup_post(void)
 282 {
 283     int fd = 0;
 284
 285     if (daemonize) {
 286         if (chdir("/")) {
 287             error_report("not able to chdir to /: %s", strerror(errno));
 288             exit(1);
 289         }
 290         fd = RETRY_ON_EINTR(qemu_open_old("/dev/null", O_RDWR));
 291         if (fd == -1) {
 292             exit(1);
 293         }
 294     }
 295
 296     change_root();
 297     change_process_uid();
 298
 299     if (daemonize) {
 300         uint8_t status = 0;
 301         ssize_t len;
 302
 303         dup2(fd, 0);
 304         dup2(fd, 1);
 305         /* In case -D is given do not redirect stderr to /dev/null */
 306         if (!qemu_log_enabled()) {
 307             dup2(fd, 2);
 308         }
 309
 310         close(fd);
 311
 312         do {
 313             len = write(daemon_pipe, &status, 1);
 314         } while (len < 0 && errno == EINTR);
 315         if (len != 1) {
 316             exit(1);
 317         }
 318     }
 319 }
 320
 321 void os_set_line_buffering(void)
 322 {
 323     setvbuf(stdout, NULL, _IOLBF, 0);
 324 }
 325
 326 int os_mlock(void)
 327 {
 328 #ifdef HAVE_MLOCKALL
 329     int ret = 0;
 330
 331     ret = mlockall(MCL_CURRENT | MCL_FUTURE);
 332     if (ret < 0) {
 333         error_report("mlockall: %s", strerror(errno));
 334     }
 335
 336     return ret;
 337 #else
 338     return -ENOSYS;
 339 #endif
 340 }