| author | Jakob Unterwurzacher | 2025-02-26 20:55:07 +0100 | 
|---|---|---|
| committer | Jakob Unterwurzacher | 2025-02-26 21:11:56 +0100 | 
| commit | 49d797effbc0888975c51ac45371d91fc59ea2dc (patch) | |
| tree | 4cf614527e1f4d067f7326a2b62fdc0b18d1befd /internal/syscallcompat | |
| parent | 178f570d4076ee9be408c9eb5e50502275a180c6 (diff) | |
syscallcompat: move asUser to its own file
Diffstat (limited to 'internal/syscallcompat')
| -rw-r--r-- | internal/syscallcompat/asuser_linux.go | 49 | ||||
| -rw-r--r-- | internal/syscallcompat/sys_linux.go | 41 | 
2 files changed, 49 insertions, 41 deletions
diff --git a/internal/syscallcompat/asuser_linux.go b/internal/syscallcompat/asuser_linux.go
new file mode 100644
index 0000000..dac94f4
--- /dev/null
+++ b/internal/syscallcompat/asuser_linux.go
@@ -0,0 +1,49 @@
+package syscallcompat
+
+import (
+	"runtime"
+
+	"golang.org/x/sys/unix"
+
+	"github.com/hanwen/go-fuse/v2/fuse"
+)
+
+// asUser runs `f()` under the effective uid, gid, groups specified
+// in `context`.
+//
+// If `context` is nil, `f()` is executed directly without switching user id.
+func asUser(f func() (int, error), context *fuse.Context) (int, error) {
+	if context == nil {
+		return f()
+	}
+
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+
+	// Since go1.16beta1 (commit d1b1145cace8b968307f9311ff611e4bb810710c ,
+	// https://go-review.googlesource.com/c/go/+/210639 )
+	// syscall.{Setgroups,Setregid,Setreuid} affects all threads, which
+	// is exactly what we not want.
+	//
+	// We now use unix.{Setgroups,Setregid,Setreuid} instead.
+
+	err := unix.Setgroups(getSupplementaryGroups(context.Pid))
+	if err != nil {
+		return -1, err
+	}
+	defer unix.Setgroups(nil)
+
+	err = unix.Setregid(-1, int(context.Owner.Gid))
+	if err != nil {
+		return -1, err
+	}
+	defer unix.Setregid(-1, 0)
+
+	err = unix.Setreuid(-1, int(context.Owner.Uid))
+	if err != nil {
+		return -1, err
+	}
+	defer unix.Setreuid(-1, 0)
+
+	return f()
+}
diff --git a/internal/syscallcompat/sys_linux.go b/internal/syscallcompat/sys_linux.go
index a64b27e..d769f96 100644
--- a/internal/syscallcompat/sys_linux.go
+++ b/internal/syscallcompat/sys_linux.go
@@ -4,7 +4,6 @@ package syscallcompat
 import (
 	"fmt"
 	"io/ioutil"
-	"runtime"
 	"strconv"
 	"strings"
 	"sync"
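Review bot: In the new asuser_linux.go, the three deferred restores in asUser (`defer unix.Setgroups(nil)`, `defer unix.Setregid(-1, 0)`, `defer unix.Setreuid(-1, 0)`) discard their return values. If any of them failed, `runtime.UnlockOSThread()` would hand the thread back to the scheduler still carrying the requesting user's credentials, and unrelated goroutines would run with them unnoticed. Now that the function lives in its own file, it would be worth failing closed on a restore error, for example `defer func() { if err := unix.Setreuid(-1, 0); err != nil { panic(err) } }()`, and likewise for the gid and groups restores. The restore targets are also hard-coded to uid 0, gid 0 and an empty group list, which presumably assumes the process runs as root with no supplementary groups; a comment such as `// Restores assume the daemon runs as root (uid 0, gid 0, no supplementary groups).` above the first defer would make that precondition explicit.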
@@ -93,46 +92,6 @@ func getSupplementaryGroups(pid uint32) (gids []int) {
 	return nil
 }
-// asUser runs `f()` under the effective uid, gid, groups specified
-// in `context`.
-//
-// If `context` is nil, `f()` is executed directly without switching user id.
-func asUser(f func() (int, error), context *fuse.Context) (int, error) {
-	if context == nil {
-		return f()
-	}
-
-	runtime.LockOSThread()
-	defer runtime.UnlockOSThread()
-
-	// Since go1.16beta1 (commit d1b1145cace8b968307f9311ff611e4bb810710c ,
-	// https://go-review.googlesource.com/c/go/+/210639 )
-	// syscall.{Setgroups,Setregid,Setreuid} affects all threads, which
-	// is exactly what we not want.
-	//
-	// We now use unix.{Setgroups,Setregid,Setreuid} instead.
-
-	err := unix.Setgroups(getSupplementaryGroups(context.Pid))
-	if err != nil {
-		return -1, err
-	}
-	defer unix.Setgroups(nil)
-
-	err = unix.Setregid(-1, int(context.Owner.Gid))
-	if err != nil {
-		return -1, err
-	}
-	defer unix.Setregid(-1, 0)
-
-	err = unix.Setreuid(-1, int(context.Owner.Uid))
-	if err != nil {
-		return -1, err
-	}
-	defer unix.Setreuid(-1, 0)
-
-	return f()
-}
-
 // OpenatUser runs the Openat syscall in the context of a different user.
 //
 // It switches the current thread to the new user, performs the syscall,  | 
