#include "udev-trace.h"
#include "udev-util.h"
#include "udev-worker.h"
+#include "uid-classification.h"
#include "user-util.h"
#include "virt.h"
return log_line_error_errno(rule_line, r, "Unknown user '%s', ignoring.", name);
if (r < 0)
return log_line_error_errno(rule_line, r, "Failed to resolve user '%s', ignoring: %m", name);
+ if (!uid_is_system(uid))
+ return log_line_error_errno(rule_line, SYNTHETIC_ERRNO(EINVAL),
+ "User '%s' is not a system user (UID="UID_FMT"), ignoring.", name, uid);
n = strdup(name);
if (!n)
return log_line_error_errno(rule_line, r, "Unknown group '%s', ignoring.", name);
if (r < 0)
return log_line_error_errno(rule_line, r, "Failed to resolve group '%s', ignoring: %m", name);
+ if (!gid_is_system(gid))
+ return log_line_error_errno(rule_line, SYNTHETIC_ERRNO(EINVAL),
+ "Group '%s' is not a system group (GID="GID_FMT"), ignoring.", name, gid);
n = strdup(name);
if (!n)
op = OP_ASSIGN;
}
- if (parse_uid(value, &uid) >= 0)
+ if (parse_uid(value, &uid) >= 0) {
+ if (!uid_is_system(uid))
+ return log_line_error_errno(rule_line, SYNTHETIC_ERRNO(EINVAL),
+ "UID="UID_FMT" is not in the system user range, ignoring.", uid);
+
r = rule_line_add_token(rule_line, TK_A_OWNER_ID, op, NULL, UID_TO_PTR(uid), /* is_case_insensitive = */ false, token_str);
- else if (resolve_name_timing == RESOLVE_NAME_EARLY &&
+ } else if (resolve_name_timing == RESOLVE_NAME_EARLY &&
rule_get_substitution_type(value) == SUBST_TYPE_PLAIN) {
r = rule_resolve_user(rule_line, value, &uid);
op = OP_ASSIGN;
}
- if (parse_gid(value, &gid) >= 0)
+ if (parse_gid(value, &gid) >= 0) {
+ if (!gid_is_system(gid))
+ return log_line_error_errno(rule_line, SYNTHETIC_ERRNO(EINVAL),
+ "GID="GID_FMT" is not in the system group range, ignoring.", gid);
+
r = rule_line_add_token(rule_line, TK_A_GROUP_ID, op, NULL, GID_TO_PTR(gid), /* is_case_insensitive = */ false, token_str);
- else if (resolve_name_timing == RESOLVE_NAME_EARLY &&
+ } else if (resolve_name_timing == RESOLVE_NAME_EARLY &&
rule_get_substitution_type(value) == SUBST_TYPE_PLAIN) {
r = rule_resolve_group(rule_line, value, &gid);
if (!apply_format_value(event, token, owner, sizeof(owner), "user name"))
return true;
+ uid_t uid;
r = get_user_creds(
&ow,
- &event->uid,
+ &uid,
/* ret_gid = */ NULL,
/* ret_home = */ NULL,
/* ret_shell = */ NULL,
log_event_error_errno(event, token, r, "Unknown user \"%s\", ignoring.", owner);
else if (r < 0)
log_event_error_errno(event, token, r, "Failed to resolve user \"%s\", ignoring: %m", owner);
- else
+ else if (!uid_is_system(uid))
+ log_event_error(event, token, "User \"%s\" is not a system user (UID="UID_FMT"), ignoring.", owner, uid);
+ else {
+ event->uid = uid;
log_event_debug(event, token, "Set owner: %s(%u)", owner, event->uid);
+ }
return true;
}
case TK_A_GROUP: {
if (!apply_format_value(event, token, group, sizeof(group), "group name"))
return true;
- r = get_group_creds(&gr, &event->gid, USER_CREDS_ALLOW_MISSING);
+ gid_t gid;
+ r = get_group_creds(&gr, &gid, USER_CREDS_ALLOW_MISSING);
if (r == -ESRCH)
log_event_error_errno(event, token, r, "Unknown group \"%s\", ignoring.", group);
else if (r < 0)
log_event_error_errno(event, token, r, "Failed to resolve group \"%s\", ignoring: %m", group);
- else
+ else if (!gid_is_system(gid))
+ log_event_error(event, token, "Group \"%s\" is not a system group (GID="GID_FMT"), ignoring.", group, gid);
+ else {
+ event->gid = gid;
log_event_debug(event, token, "Set group: %s(%u)", group, event->gid);
+ }
return true;
}
case TK_A_MODE: {
projects / thirdparty / systemd.git / commitdiff
