author | Michael Stone <michael@laptop.org> | 2009-12-09 03:44:03 (GMT) |
---|---|---|
committer | Michael Stone <michael@laptop.org> | 2009-12-09 03:44:03 (GMT) |
commit | e77e56f5309a247a96f454bb5516a194dd143cdd (patch) | |
tree | bf3459bf24bf73cbd593f6fc6742cb1cd7d84084 /rainbow | |
parent | cae1f620dd7a231caa73a6e044437edc3aef02f7 (diff) |
Teach rainbow to resume uids with more auxiliary groups.
Diffstat (limited to 'rainbow')
-rw-r--r-- | rainbow/rainbow/inject.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/rainbow/rainbow/inject.py b/rainbow/rainbow/inject.py index 7dd1d32..47d0cf9 100644 --- a/rainbow/rainbow/inject.py +++ b/rainbow/rainbow/inject.py @@ -2,12 +2,13 @@ import os from os import R_OK, W_OK, X_OK, fork, symlink, unlink, O_CREAT, O_EXCL, chown, chmod from os import setgroups, setgid, setuid, chdir, umask, execvpe, waitpid, WEXITSTATUS from os import getpid, getuid, _exit, rename, readlink -from os.path import join, basename, realpath, lexists, exists +from os.path import join, basename, realpath, lexists, exists, dirname from subprocess import check_call, Popen, PIPE from stat import S_IFDIR from tempfile import mkdtemp, mkstemp from grp import getgrnam, getgrgid from pwd import getpwuid +from glob import glob import resource from rainbow.util import Checker, mount, make_dirs, get_fds, read_envdir @@ -212,8 +213,9 @@ def maybe_add_gid(log, owner_uid, gid): log(1, "maybe_add_gid owner: %s members: %s result: %s", owner, members, owner in members) return owner in members -def configure_groups(log, owner_uid, groups, gid, data_group_to_gid, pset): +def configure_groups(log, owner_uid, groups, gid, data_group_to_gid, recorded_groups, pset): groups.insert(0, gid) + groups += recorded_groups for _, data_gid in data_group_to_gid: if maybe_add_gid(log, owner_uid, data_gid): @@ -292,6 +294,7 @@ def inject(log, spool, env, argv, cwd, pset, safe_fds, owner_uid, owner_gid, log(1, "resuming uid (%d) for owner (%d) with gid (%d) and home (%s)", uid, owner_uid, gid, home) # XXX: Need to verify ownership and membership before joining data groups. + recorded_groups = [int(basename(dirname(p))) for p in glob(join(spool, 'gid_to_members', '*', str(uid)))] data_group_to_gid = [(group, reserve_group(log, spool, owner_uid, uid, group)) for group in data_groups] configure_home(log, spool, home, owner_uid, owner_gid, uid, gid, data_group_to_gid) 
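Review bot: `groups += recorded_groups` in configure_groups adds the recorded gids unconditionally, while the data gids in the loop just below are only considered after `maybe_add_gid(log, owner_uid, data_gid)` passes. If the owner-membership check is meant to gate every supplementary group the resumed uid receives, the recorded ones should go through it too, for example `groups += [g for g in recorded_groups if maybe_add_gid(log, owner_uid, g)]`; if skipping it is intentional, a comment such as `# recorded_groups come from the spool and are trusted as-is` would make that explicit. The new parameter is also inserted positionally before `pset`, so any caller other than the one updated in inject() would silently shift its arguments. The function body continues past the hunk, so whether duplicates are removed before the list is applied is not visible here.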
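Review bot: The comprehension that builds `recorded_groups` in inject() turns every directory name matched under `gid_to_members` in the spool straight into a gid, with no validation. A non-numeric entry makes `int()` raise ValueError and aborts the resume, and a numeric entry outside the gids rainbow hands out (0, for instance) would presumably end up in the supplementary groups of the resumed process. The XXX comment directly above already notes that ownership and membership are not verified, and this line adds a second unverified source of groups. I would parse the names defensively and bound-check them before use; the range to check against is not visible on this page. inject() starts and ends outside the hunk.

```python
    # XXX: Need to verify ownership and membership before joining data groups.
    recorded_groups = []
    for p in glob(join(spool, 'gid_to_members', '*', str(uid))):
        name = basename(dirname(p))
        try:
            recorded_gid = int(name)
        except ValueError:
            log(1, "ignoring unexpected gid_to_members entry: %s", name)
            continue
        # TODO(review): also reject gids outside the range rainbow reserves.
        recorded_groups.append(recorded_gid)
    # … unchanged: data_group_to_gid reservation and configure_home call …
```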
@@ -302,7 +305,7 @@ def inject(log, spool, env, argv, cwd, pset, safe_fds, owner_uid, owner_gid, check_home_dirs(owner_uid, owner_gid, home, data_group_to_gid) check_home(uid, gid, home) - groups = configure_groups(log, owner_uid, groups, gid, data_group_to_gid, pset) + groups = configure_groups(log, owner_uid, groups, gid, data_group_to_gid, recorded_groups, pset) if xephyr: env.update(configure_xephyr(log, spool, owner_gid, uid, env, safe_fds)) if assistant: |