qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-22 03:04:41 -07:00
Code Releases Activity

syscall: StartProcess Chroot and Credential.

Browse Source 
R=rsc, iant, agl1
CC=golang-dev
https://golang.org/cl/4280065
This commit is contained in:
Albert Strasheim 2011-03-29 14:29:22 -04:00 committed by Adam Langley
parent 0793176451
commit d41d6fec10
1 changed files with 47 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
src/pkg/syscall/exec_unix.go
View File

@ -96,7 +96,7 @@ func SetNonblock(fd int, nonblocking bool) (errno int) {
// no rescheduling, no malloc calls, and no new stack segments. // no rescheduling, no malloc calls, and no new stack segments.
// The calls to RawSyscall are okay because they are assembly // The calls to RawSyscall are okay because they are assembly
// functions that do not grow the stack. // functions that do not grow the stack.
func forkAndExecInChild(argv0 *byte, argv, envv []*byte, dir *byte, attr *ProcAttr, pipe int) (pid int, err int) { func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr *ProcAttr, pipe int) (pid int, err int) {
// Declare all variables at top in case any // Declare all variables at top in case any
// declarations require heap allocation (e.g., err1). // declarations require heap allocation (e.g., err1).
var r1, r2, err1 uintptr var r1, r2, err1 uintptr
@ -146,6 +146,35 @@ func forkAndExecInChild(argv0 *byte, argv, envv []*byte, dir *byte, attr *ProcAt
} }
} }
// Chroot
if chroot != nil {
_, _, err1 = RawSyscall(SYS_CHROOT, uintptr(unsafe.Pointer(chroot)), 0, 0)
if err1 != 0 {
goto childerror
}
}
// User and groups
if attr.Credential != nil {
ngroups := uintptr(len(attr.Credential.Groups))
groups := uintptr(0)
if ngroups > 0 {
groups = uintptr(unsafe.Pointer(&attr.Credential.Groups[0]))
}
_, _, err1 = RawSyscall(SYS_SETGROUPS, ngroups, groups, 0)
if err1 != 0 {
goto childerror
}
_, _, err1 = RawSyscall(SYS_SETGID, uintptr(attr.Credential.Gid), 0, 0)
if err1 != 0 {
goto childerror
}
_, _, err1 = RawSyscall(SYS_SETUID, uintptr(attr.Credential.Uid), 0, 0)
if err1 != 0 {
goto childerror
}
}
// Chdir // Chdir
if dir != nil { if dir != nil {
_, _, err1 = RawSyscall(SYS_CHDIR, uintptr(unsafe.Pointer(dir)), 0, 0) _, _, err1 = RawSyscall(SYS_CHDIR, uintptr(unsafe.Pointer(dir)), 0, 0)
@ -231,13 +260,20 @@ childerror:
panic("unreached") panic("unreached")
} }
type Credential struct {
Uid uint32 // User ID.
Gid uint32 // Group ID.
Groups []uint32 // Supplementary group IDs.
}
type ProcAttr struct { type ProcAttr struct {
Setsid bool // Create session. Setsid bool // Create session.
Ptrace bool // Enable tracing. Ptrace bool // Enable tracing.
Dir string // Current working directory. Dir string // Current working directory.
Env []string // Environment. Env []string // Environment.
Files []int // File descriptors. Files []int // File descriptors.
Chroot string // Chroot.
Credential *Credential // Credential.
} }
var zeroAttributes ProcAttr var zeroAttributes ProcAttr
@ -264,6 +300,10 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err int) {
argvp[0] = argv0p argvp[0] = argv0p
} }
var chroot *byte
if attr.Chroot != "" {
chroot = StringBytePtr(attr.Chroot)
}
var dir *byte var dir *byte
if attr.Dir != "" { if attr.Dir != "" {
dir = StringBytePtr(attr.Dir) dir = StringBytePtr(attr.Dir)
@ -286,7 +326,7 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err int) {
} }
// Kick off child. // Kick off child.
pid, err = forkAndExecInChild(argv0p, argvp, envvp, dir, attr, p[1]) pid, err = forkAndExecInChild(argv0p, argvp, envvp, chroot, dir, attr, p[1])
if err != 0 { if err != 0 {
error: error:
if p[0] >= 0 { if p[0] >= 0 {