From: Laine Stump
Date: Fri, 1 Feb 2013 21:26:25 +0000 (-0500)
Subject: util: drop capabilities immediately after changing uid/gid of child
X-Git-Tag: v1.0.3-rc1~114
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c0e3e685cd0b3f2e8abb137fcf57d5fddececb9a;p=thirdparty%2Flibvirt.git

util: drop capabilities immediately after changing uid/gid of child

This is an interim measure to make sure everything still works in this order. The next step will be to perform capabilities drop and setuid/gid as a single operation (which is the only way to keep any capabilities when switching to a non-root uid).
---
diff --git a/src/util/vircommand.c b/src/util/vircommand.c
index 0699fdbae1..b0361dc82d 100644
--- a/src/util/vircommand.c
+++ b/src/util/vircommand.c
@@ -652,6 +652,12 @@ virExec(virCommandPtr cmd)
 goto fork_error;
 }
+ /* The steps above may need todo something privileged, so
+ * we delay clearing capabilities until the last minute */
+ if (cmd->capabilities || (cmd->flags & VIR_EXEC_CLEAR_CAPS))
+ if (virSetCapabilities(cmd->capabilities) < 0)
+ goto fork_error;
+
 if (cmd->pwd) {
 VIR_DEBUG("Running child in %s", cmd->pwd);
 if (chdir(cmd->pwd) < 0) {
@@ -670,12 +676,6 @@ virExec(virCommandPtr cmd)
 goto fork_error;
 }
- /* The steps above may need todo something privileged, so
- * we delay clearing capabilities until the last minute */
- if (cmd->capabilities || (cmd->flags & VIR_EXEC_CLEAR_CAPS))
- if (virSetCapabilities(cmd->capabilities) < 0)
- goto fork_error;
-
 /* Close logging again to ensure no FDs leak to child */
 virLogReset();
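Review bot: The comment carried along with the moved block in the first hunk no longer matches its position: "we delay clearing capabilities until the last minute" described the old location removed in the second hunk, whereas the drop now happens before `chdir(cmd->pwd)` and before whatever sits between the two hunks, so those steps run with the reduced capability set. I would reword it along the lines of `/* Drop capabilities right after the uid/gid change; chdir() and the steps below run without them */`, so a later reader does not assume privileged work can still be added underneath. Since the commit message calls this ordering interim, it is also worth confirming that a `cmd->pwd` which was previously reachable only thanks to a capability now fails through the existing `chdir` error path rather than silently changing behaviour for callers. The nested unbraced `if` pair guarding `goto fork_error` would be less fragile with braces. virExec's body starts and ends outside both hunks, so the uid/gid step and the code between the hunks are not visible here.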