authorDaniel Golle2021-08-04 14:03:45 +0000
committerDaniel Golle2021-08-04 14:50:11 +0000
commit548d057b5fe23d1401791a497be84e2299684262 (patch)
treecf5e33242f6fd77d2ab268abea5e51b45f8cf2d1
parent93fc0893742092c7cbca5026da717a6ef2ae60b5 (diff)
jail: don't ignore return value of seteuid()
Error out in case seteuid() fails. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
-rw-r--r--jail/jail.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/jail/jail.c b/jail/jail.c
index 5a31e93..beb46f5 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -2816,7 +2816,10 @@ static void post_main(struct uloop_timeout *t)
ERROR("prctl(PR_SET_SECUREBITS) failed: %m\n");
free_and_exit(EXIT_FAILURE);
}
- seteuid(opts.root_map_uid);
+ if (seteuid(opts.root_map_uid)) {
+ ERROR("seteuid(%d) failed: %m\n", opts.root_map_uid);
+ free_and_exit(EXIT_FAILURE);
+ }
}
jail_process.pid = clone(exec_jail, child_stack + STACK_SIZE, SIGCHLD | (opts.namespace & (~CLONE_NEWCGROUP)), NULL);
@@ -2830,7 +2833,11 @@ static void post_main(struct uloop_timeout *t)
uloop_process_add(&jail_process);
jail_running = 1;
- seteuid(0);
+ if (seteuid(0)) {
+ ERROR("seteuid(%d) failed: %m\n", opts.root_map_uid);
+ free_and_exit(EXIT_FAILURE);
+ }
+
prctl(PR_SET_SECUREBITS, 0);
if (pidns_fd != -1) {
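Review bot: The error message for the failed `seteuid(0)` prints `opts.root_map_uid`, so the log would name the mapped uid rather than the uid the call actually tried to restore; it looks copied from the first hunk and should read `ERROR("seteuid(0) failed: %m\n");`. This failure path also runs after `clone()` and `uloop_process_add(&jail_process)`, so it is worth confirming that `free_and_exit()` tears down the already-started jail child rather than leaving it running unsupervised. The `prctl(PR_SET_SECUREBITS, 0)` on the following line is still unchecked, unlike the earlier prctl call in this function whose failure is reported, so a failed reset would go unnoticed. post_main's body continues outside the hunk.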