Mercurial > galleryd

changeset 1:c2e82909c9b5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
daemon: basic skeleton Drop all but file read/write and net access privs. Signed-off-by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
author Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
date Thu, 27 Jul 2017 01:27:55 +0300
parents 3ae73be13d33
children a36ce212c6fc
files CMakeLists.txt daemon.c
diffstat 2 files changed, 101 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/CMakeLists.txt	Thu Jul 27 01:18:28 2017 +0300
+++ b/CMakeLists.txt	Thu Jul 27 01:27:55 2017 +0300
@@ -55,6 +55,7 @@
 )
 
 add_executable(galleryd
+	daemon.c
 	version.c
 )
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/daemon.c	Thu Jul 27 01:27:55 2017 +0300
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2017 Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include <priv.h>
+
+#include <jeffpc/jeffpc.h>
+#include <jeffpc/version.h>
+#include <jeffpc/error.h>
+#include <jeffpc/types.h>
+
+#include "version.h"
+
+static int drop_privs()
+{
+	static const char *privs[] = {
+		"file_read",
+		"file_write",
+		"net_access",
+		NULL,
+	};
+	static const priv_ptype_t privsets[] = {
+		PRIV_PERMITTED,
+		PRIV_LIMIT,
+		PRIV_INHERITABLE,
+	};
+
+	priv_set_t *wanted;
+	int ret;
+	int i;
+
+	wanted = priv_allocset();
+	if (!wanted)
+		return -errno;
+
+	priv_emptyset(wanted);
+
+	for (i = 0; privs[i]; i++) {
+		ret = priv_addset(wanted, privs[i]);
+		if (ret) {
+			ret = -errno;
+			goto err_free;
+		}
+	}
+
+	for (i = 0; i < ARRAY_LEN(privsets); i++) {
+		ret = setppriv(PRIV_SET, privsets[i], wanted);
+		if (ret == -1) {
+			ret = -errno;
+			break;
+		}
+	}
+
+err_free:
+	priv_freeset(wanted);
+
+	return ret;
+}
+
+int main(int argc, char **argv)
+{
+	int ret;
+
+	ASSERT0(putenv("TZ=UTC"));
+
+	cmn_err(CE_INFO, "galleryd version %s", version_string);
+	cmn_err(CE_INFO, "libjeffpc version %s", jeffpc_version);
+
+	/* drop unneeded privs */
+	ret = drop_privs();
+	if (ret)
+		goto err;
+
+	jeffpc_init(NULL);
+
+	return 0;
+
+err:
+	cmn_err(CE_DEBUG, "Failed to inintialize: %s", xstrerror(ret));
+
+	return ret;
+}