From: Daniel P. Berrange Date: Wed, 28 Aug 2013 14:22:05 +0000 (+0100) Subject: Ensure system identity includes process start time X-Git-Tag: CVE-2013-4311~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e65667c0c6e016d42abea077e31628ae43f57b74;p=thirdparty%2Flibvirt.git Ensure system identity includes process start time The polkit access driver will want to use the process start time field. This was already set for network identities, but not for the system identity. Signed-off-by: Daniel P. Berrange --- diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 03c375bccf..f681f85553 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -35,6 +35,7 @@ #include "virthread.h" #include "virutil.h" #include "virstring.h" +#include "virprocess.h" #define VIR_FROM_THIS VIR_FROM_IDENTITY @@ -142,11 +143,20 @@ virIdentityPtr virIdentityGetSystem(void) security_context_t con; #endif char *processid = NULL; + unsigned long long timestamp; + char *processtime = NULL; if (virAsprintf(&processid, "%llu", (unsigned long long)getpid()) < 0) goto cleanup; + if (virProcessGetStartTime(getpid(), ×tamp) < 0) + goto cleanup; + + if (timestamp != 0 && + virAsprintf(&processtime, "%llu", timestamp) < 0) + goto cleanup; + if (!(username = virGetUserName(getuid()))) goto cleanup; if (virAsprintf(&userid, "%d", (int)getuid()) < 0) @@ -198,6 +208,11 @@ virIdentityPtr virIdentityGetSystem(void) VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, processid) < 0) goto error; + if (processtime && + virIdentitySetAttr(ret, + VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, + processtime) < 0) + goto error; cleanup: VIR_FREE(username); @@ -206,6 +221,7 @@ cleanup: VIR_FREE(groupid); VIR_FREE(seccontext); VIR_FREE(processid); + VIR_FREE(processtime); return ret; error: