summaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
Diffstat (limited to 'internal')
-rw-r--r--internal/syscallcompat/sys_linux.go59
1 files changed, 32 insertions, 27 deletions
diff --git a/internal/syscallcompat/sys_linux.go b/internal/syscallcompat/sys_linux.go
index 9672be7..a1d7d40 100644
--- a/internal/syscallcompat/sys_linux.go
+++ b/internal/syscallcompat/sys_linux.go
@@ -91,38 +91,43 @@ func getSupplementaryGroups(pid uint32) (gids []int) {
return nil
}
-// asUser runs the function `f` under the effective uid, gid, groups specified
+// asUser runs `f()` under the effective uid, gid, groups specified
// in `context`.
+//
+// If `context` is nil, `f()` is executed directly without switching user id.
func asUser(f func() (int, error), context *fuse.Context) (int, error) {
- if context != nil {
- runtime.LockOSThread()
- defer runtime.UnlockOSThread()
-
- // Since go1.16beta1 (commit d1b1145cace8b968307f9311ff611e4bb810710c ,
- // https://go-review.googlesource.com/c/go/+/210639 )
- // syscall.{Setgroups,Setregid,Setreuid} affects all threads, which
- // is exactly what we not want.
- //
- // We now use unix.{Setgroups,Setregid,Setreuid} instead.
-
- err := unix.Setgroups(getSupplementaryGroups(context.Pid))
- if err != nil {
- return -1, err
- }
- defer unix.Setgroups(nil)
+ if context == nil {
+ return f()
+ }
- err = unix.Setregid(-1, int(context.Owner.Gid))
- if err != nil {
- return -1, err
- }
- defer unix.Setregid(-1, 0)
+ runtime.LockOSThread()
+ defer runtime.UnlockOSThread()
- err = unix.Setreuid(-1, int(context.Owner.Uid))
- if err != nil {
- return -1, err
- }
- defer unix.Setreuid(-1, 0)
+ // Since go1.16beta1 (commit d1b1145cace8b968307f9311ff611e4bb810710c ,
+ // https://go-review.googlesource.com/c/go/+/210639 )
+ // syscall.{Setgroups,Setregid,Setreuid} affects all threads, which
+ // is exactly what we not want.
+ //
+ // We now use unix.{Setgroups,Setregid,Setreuid} instead.
+
+ err := unix.Setgroups(getSupplementaryGroups(context.Pid))
+ if err != nil {
+ return -1, err
}
+ defer unix.Setgroups(nil)
+
+ err = unix.Setregid(-1, int(context.Owner.Gid))
+ if err != nil {
+ return -1, err
+ }
+ defer unix.Setregid(-1, 0)
+
+ err = unix.Setreuid(-1, int(context.Owner.Uid))
+ if err != nil {
+ return -1, err
+ }
+ defer unix.Setreuid(-1, 0)
+
return f()
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 23:30:13 +0000