Module: OsCtld::SwitchUser

Extended by:
OsCtl::Lib::Utils::System
Includes:
OsCtl::Lib::Utils::Log
Defined in:
lib/osctld/switch_user.rb

Constant Summary collapse

SYSTEM_PATH =
%w(/bin /usr/bin /sbin /usr/sbin /run/current-system/sw/bin)

Class Method Summary collapse

Class Method Details

.apply_prlimits(pid, prlimits) ⇒ Object

Apply process resource limits

Parameters:

  • pid (Integer)
  • prlimits (Hash)


109
110
111
112
113
114
115
116
117
118
# File 'lib/osctld/switch_user.rb', line 109

def self.apply_prlimits(pid, prlimits)
  prlimits.each do |name, limit|
    PrLimits.set(
      pid,
      PrLimits.resource_to_const(name),
      limit[:soft],
      limit[:hard]
    )
  end
end

.close_fds(except: []) ⇒ Object

Close open file descriptors

Parameters:

  • except (Array<IO, Integer>) (defaults to: [])


122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# File 'lib/osctld/switch_user.rb', line 122

def self.close_fds(except: [])
  except_filenos = except.map do |v|
    if v.is_a?(::IO)
      v.fileno
    else
      v
    end
  end

  walk_fds do |fd|
    next if except_filenos.include?(fd)

    begin
      IO.new(fd).close
    rescue ArgumentError, Errno::EBADF
    end
  end
end

.fork_and_switch_to(sysuser, ugid, homedir, cgroup_path, opts = {}, &block) ⇒ Object

Fork a process running as unprivileged user

Parameters:

  • sysuser (String)
  • ugid (Integer)
  • homedir (String)
  • cgroup_path (String)
  • opts (Hash) (defaults to: {})

    options

Options Hash (opts):

  • :chown_cgroups (Boolean) — default: true
  • :prlimits (Hash)
  • :oom_score_adj (Integer, nil)


21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# File 'lib/osctld/switch_user.rb', line 21

def self.fork_and_switch_to(sysuser, ugid, homedir, cgroup_path, opts = {}, &block)
  r, w = IO.pipe

  keep_fds = (opts[:keep_fds] || []).clone

  if !opts.has_key?(:keep_stdfds) || opts[:keep_stdfds]
    keep_fds << 0 << 1 << 2
  end

  keep_fds << r

  pid = Process.fork do
    w.close
    close_fds(except: keep_fds)

    if opts[:oom_score_adj]
      File.open('/proc/self/oom_score_adj', 'w') do |f|
        f.write(opts[:oom_score_adj].to_s)
      end
    end

    switch_to(sysuser, ugid, homedir, cgroup_path, opts)

    msg = r.readline.strip
    r.close

    if msg == 'ready'
      block.call
    else
      exit(false)
    end
  end

  r.close

  apply_prlimits(pid, opts[:prlimits]) if opts[:prlimits]

  w.puts('ready')
  w.close
  pid
end

.switch_to(sysuser, ugid, homedir, cgroup_path, opts = {}) ⇒ Object

Switch the current process to an unprivileged user



64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# File 'lib/osctld/switch_user.rb', line 64

def self.switch_to(sysuser, ugid, homedir, cgroup_path, opts = {})
  chown_cgroups = opts.has_key?(:chown_cgroups) ? opts[:chown_cgroups] : true

  # Environment
  ENV.delete('XDG_SESSION_ID')
  ENV.delete('XDG_RUNTIME_DIR')

  ENV['HOME'] = homedir
  ENV['USER'] = sysuser

  # CGroups
  CGroup.subsystems.each do |subsys|
    CGroup.mkpath(
      subsys,
      cgroup_path.split('/'),
      attach: true,
      chown: chown_cgroups ? ugid : false
    )
  end

  # Switch
  Process.groups = [ugid]
  Process::Sys.setgid(ugid)
  Process::Sys.setuid(ugid)
end

.switch_to_system(sysuser, uid, gid, homedir) ⇒ Object

Switch the current process to an unprivileged users, but do not change cgroups.



92
93
94
95
96
97
98
99
100
101
102
103
104
# File 'lib/osctld/switch_user.rb', line 92

def self.switch_to_system(sysuser, uid, gid, homedir)
  # Environment
  ENV.delete('XDG_SESSION_ID')
  ENV.delete('XDG_RUNTIME_DIR')

  ENV['HOME'] = homedir
  ENV['USER'] = sysuser

  # Switch
  Process.groups = [gid]
  Process::Sys.setgid(gid)
  Process::Sys.setuid(uid)
end

.walk_fds {|fd| ... } ⇒ Object

Yield all open file descriptors

Yield Parameters:

  • fd (Integer)


143
144
145
146
147
148
# File 'lib/osctld/switch_user.rb', line 143

def self.walk_fds
  Dir.entries('/proc/self/fd').each do |v|
    next if %w(. ..).include?(v)
    yield(v.to_i)
  end
end