Mercurial > galleryd

view daemon.c @ 1:c2e82909c9b5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
daemon: basic skeleton Drop all but file read/write and net access privs. Signed-off-by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
author Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
date Thu, 27 Jul 2017 01:27:55 +0300
parents
children 545cda697d7a
line wrap: on
line source

/*
 * Copyright (c) 2017 Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#include <priv.h>

#include <jeffpc/jeffpc.h>
#include <jeffpc/version.h>
#include <jeffpc/error.h>
#include <jeffpc/types.h>

#include "version.h"

static int drop_privs()
{
	static const char *privs[] = {
		"file_read",
		"file_write",
		"net_access",
		NULL,
	};
	static const priv_ptype_t privsets[] = {
		PRIV_PERMITTED,
		PRIV_LIMIT,
		PRIV_INHERITABLE,
	};

	priv_set_t *wanted;
	int ret;
	int i;

	wanted = priv_allocset();
	if (!wanted)
		return -errno;

	priv_emptyset(wanted);

	for (i = 0; privs[i]; i++) {
		ret = priv_addset(wanted, privs[i]);
		if (ret) {
			ret = -errno;
			goto err_free;
		}
	}

	for (i = 0; i < ARRAY_LEN(privsets); i++) {
		ret = setppriv(PRIV_SET, privsets[i], wanted);
		if (ret == -1) {
			ret = -errno;
			break;
		}
	}

err_free:
	priv_freeset(wanted);

	return ret;
}

int main(int argc, char **argv)
{
	int ret;

	ASSERT0(putenv("TZ=UTC"));

	cmn_err(CE_INFO, "galleryd version %s", version_string);
	cmn_err(CE_INFO, "libjeffpc version %s", jeffpc_version);

	/* drop unneeded privs */
	ret = drop_privs();
	if (ret)
		goto err;

	jeffpc_init(NULL);

	return 0;

err:
	cmn_err(CE_DEBUG, "Failed to inintialize: %s", xstrerror(ret));

	return ret;
}