本文整理汇总了Golang中syscall.Setgroups函数的典型用法代码示例。如果您正苦于以下问题:Golang Setgroups函数的具体用法?Golang Setgroups怎么用?Golang Setgroups使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了Setgroups函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: ExecAsUser
func (UserExecer) ExecAsUser(uid, gid int, workDir, programName string, args ...string) error {
if _, _, errNo := syscall.RawSyscall(syscall.SYS_SETGID, uintptr(gid), 0, 0); errNo != 0 {
return fmt.Errorf("system: setgid: %s", errNo.Error())
}
if err := syscall.Setgroups([]int{}); err != nil {
return fmt.Errorf("system: setgroups: %s", err)
}
if _, _, errNo := syscall.RawSyscall(syscall.SYS_SETUID, uintptr(uid), 0, 0); errNo != 0 {
return fmt.Errorf("system: setuid: %s", errNo.Error())
}
if workDir == "" {
return errors.New("system: working directory is not provided.")
}
if err := os.MkdirAll(workDir, 0755); err != nil {
return fmt.Errorf("system: %s", err)
}
if err := os.Chdir(workDir); err != nil {
return fmt.Errorf("system: invalid working directory: %s", workDir)
}
programPath, err := exec.LookPath(programName)
if err != nil {
return fmt.Errorf("system: program '%s' was not found in $PATH: %s", programName, err)
}
if err := syscall.Exec(programPath, append([]string{programName}, args...), os.Environ()); err != nil {
return fmt.Errorf("system: exec of %s: %s", programName, err)
}
return nil
}示例2: SetupUser
// SetupUser changes the groups, gid, and uid for the user inside the container
func SetupUser(u string) error {
uid, gid, suppGids, home, err := user.GetUserGroupSupplementaryHome(u, syscall.Getuid(), syscall.Getgid(), "/")
if err != nil {
return fmt.Errorf("get supplementary groups %s", err)
}
if err := syscall.Setgroups(suppGids); err != nil {
return fmt.Errorf("setgroups %s", err)
}
if err := syscall.Setgid(gid); err != nil {
return fmt.Errorf("setgid %s", err)
}
if err := syscall.Setuid(uid); err != nil {
return fmt.Errorf("setuid %s", err)
}
// if we didn't get HOME already, set it based on the user's HOME
if envHome := os.Getenv("HOME"); envHome == "" {
if err := os.Setenv("HOME", home); err != nil {
return fmt.Errorf("set HOME %s", err)
}
}
return nil
}示例3: DropPrivileges
func DropPrivileges(username string) error {
userInfo, err := user.Lookup(username)
if err != nil {
return err
}
uid, err := strconv.Atoi(userInfo.Uid)
if err != nil {
return err
}
gid, err := strconv.Atoi(userInfo.Gid)
if err != nil {
return err
}
// TODO: should set secondary groups too
err = syscall.Setgroups([]int{gid})
if err != nil {
return err
}
err = syscall.Setgid(gid)
if err != nil {
return err
}
err = syscall.Setuid(uid)
if err != nil {
return err
}
return nil
}示例4: SetupUser
// SetupUser changes the groups, gid, and uid for the user inside the container
func SetupUser(u string) error {
// Set up defaults.
defaultExecUser := user.ExecUser{
Uid: syscall.Getuid(),
Gid: syscall.Getgid(),
Home: "/",
}
passwdPath, err := user.GetPasswdPath()
if err != nil {
return err
}
groupPath, err := user.GetGroupPath()
if err != nil {
return err
}
execUser, err := user.GetExecUserPath(u, &defaultExecUser, passwdPath, groupPath)
if err != nil {
return fmt.Errorf("get supplementary groups %s", err)
}
// if not root - check uid/gid by hand if seccomp is not working
if syscall.Geteuid() > 0 && (execUser.Uid <= MIN_UID || execUser.Gid <= MIN_GID) {
return fmt.Errorf("Invalid UID or GID")
}
// set supplementary groups
if err := syscall.Setgroups(execUser.Sgids); err != nil {
return fmt.Errorf("setgroups %s", err)
}
// set gid
if err := system.Setgid(execUser.Gid); err != nil {
return fmt.Errorf("setgid %s", err)
}
// check if setgid is successfull
if syscall.Getgid() != execUser.Gid {
return fmt.Errorf("setgid failed")
}
// set uid
if err := system.Setuid(execUser.Uid); err != nil {
return fmt.Errorf("setuid %s", err)
}
// check if setuid is successful
if syscall.Getuid() != execUser.Uid {
return fmt.Errorf("setuid failed")
}
// if we didn't get HOME already, set it based on the user's HOME
if envHome := os.Getenv("HOME"); envHome == "" {
if err := os.Setenv("HOME", execUser.Home); err != nil {
return fmt.Errorf("set HOME %s", err)
}
}
return nil
}示例5: setupUser
// setupUser changes the groups, gid, and uid for the user inside the container
func setupUser(config *initConfig) error {
// Set up defaults.
defaultExecUser := user.ExecUser{
Uid: syscall.Getuid(),
Gid: syscall.Getgid(),
Home: "/",
}
passwdPath, err := user.GetPasswdPath()
if err != nil {
return err
}
groupPath, err := user.GetGroupPath()
if err != nil {
return err
}
execUser, err := user.GetExecUserPath(config.User, &defaultExecUser, passwdPath, groupPath)
if err != nil {
return err
}
var addGroups []int
if len(config.Config.AdditionalGroups) > 0 {
addGroups, err = user.GetAdditionalGroupsPath(config.Config.AdditionalGroups, groupPath)
if err != nil {
return err
}
}
// change the permissions on the STDIO of the current process so that when the user
// is changed for the container, it's STDIO of the process matches the user.
for _, fd := range []uintptr{
os.Stdin.Fd(),
os.Stderr.Fd(),
os.Stdout.Fd(),
} {
if err := syscall.Fchown(int(fd), execUser.Uid, execUser.Gid); err != nil {
return err
}
}
suppGroups := append(execUser.Sgids, addGroups...)
if err := syscall.Setgroups(suppGroups); err != nil {
return err
}
if err := system.Setgid(execUser.Gid); err != nil {
return err
}
if err := system.Setuid(execUser.Uid); err != nil {
return err
}
// if we didn't get HOME already, set it based on the user's HOME
if envHome := os.Getenv("HOME"); envHome == "" {
if err := os.Setenv("HOME", execUser.Home); err != nil {
return err
}
}
return nil
}示例6: setupUser
// setupUser changes the groups, gid, and uid for the user inside the container
func setupUser(config *initConfig) error {
// Set up defaults.
defaultExecUser := user.ExecUser{
Uid: syscall.Getuid(),
Gid: syscall.Getgid(),
Home: "/",
}
passwdPath, err := user.GetPasswdPath()
if err != nil {
return err
}
groupPath, err := user.GetGroupPath()
if err != nil {
return err
}
execUser, err := user.GetExecUserPath(config.User, &defaultExecUser, passwdPath, groupPath)
if err != nil {
return err
}
var addGroups []int
if len(config.Config.AdditionalGroups) > 0 {
addGroups, err = user.GetAdditionalGroupsPath(config.Config.AdditionalGroups, groupPath)
if err != nil {
return err
}
}
// before we change to the container's user make sure that the processes STDIO
// is correctly owned by the user that we are switching to.
if err := fixStdioPermissions(execUser); err != nil {
return err
}
suppGroups := append(execUser.Sgids, addGroups...)
if err := syscall.Setgroups(suppGroups); err != nil {
return err
}
if err := system.Setgid(execUser.Gid); err != nil {
return err
}
if err := system.Setuid(execUser.Uid); err != nil {
return err
}
// if we didn't get HOME already, set it based on the user's HOME
if envHome := os.Getenv("HOME"); envHome == "" {
if err := os.Setenv("HOME", execUser.Home); err != nil {
return err
}
}
return nil
}示例7: MaybeBecomeChildProcess
func MaybeBecomeChildProcess() {
lrs := os.Getenv("_RUNSIT_LAUNCH_INFO")
if lrs == "" {
return
}
defer os.Exit(2) // should never make it this far, though
lr := new(LaunchRequest)
d := gob.NewDecoder(base64.NewDecoder(base64.StdEncoding, strings.NewReader(lrs)))
err := d.Decode(lr)
if err != nil {
log.Fatalf("Failed to decode LaunchRequest in child: %v", err)
}
if lr.NumFiles != 0 {
var lim syscall.Rlimit
if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &lim); err != nil {
log.Fatalf("failed to get NOFILE rlimit: %v", err)
}
noFile := rlim_t(lr.NumFiles)
lim.Cur = noFile
lim.Max = noFile
if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, &lim); err != nil {
log.Fatalf("failed to set NOFILE rlimit: %v", err)
}
}
if lr.Gid != 0 {
if err := syscall.Setgid(lr.Gid); err != nil {
log.Fatalf("failed to Setgid(%d): %v", lr.Gid, err)
}
}
if len(lr.Gids) != 0 {
if err := syscall.Setgroups(lr.Gids); err != nil {
log.Printf("setgroups: %v", err)
}
}
if lr.Uid != 0 {
if err := syscall.Setuid(lr.Uid); err != nil {
log.Fatalf("failed to Setuid(%d): %v", lr.Uid, err)
}
}
if lr.Path != "" {
err = os.Chdir(lr.Dir)
if err != nil {
log.Fatalf("failed to chdir to %q: %v", lr.Dir, err)
}
}
err = syscall.Exec(lr.Path, lr.Argv, lr.Env)
log.Fatalf("failed to exec %q: %v", lr.Path, err)
}示例8: setupUser
// setupUser changes the groups, gid, and uid for the user inside the container
func setupUser(config *initConfig) error {
// Set up defaults.
defaultExecUser := user.ExecUser{
Uid: syscall.Getuid(),
Gid: syscall.Getgid(),
Home: "/",
}
passwdPath, err := user.GetPasswdPath()
if err != nil {
return err
}
groupPath, err := user.GetGroupPath()
if err != nil {
return err
}
execUser, err := user.GetExecUserPath(config.User, &defaultExecUser, passwdPath, groupPath)
if err != nil {
return err
}
var addGroups []int
if len(config.Config.AdditionalGroups) > 0 {
addGroups, err = user.GetAdditionalGroupsPath(config.Config.AdditionalGroups, groupPath)
if err != nil {
return err
}
}
suppGroups := append(execUser.Sgids, addGroups...)
if err := syscall.Setgroups(suppGroups); err != nil {
return err
}
if err := system.Setgid(execUser.Gid); err != nil {
return err
}
if err := system.Setuid(execUser.Uid); err != nil {
return err
}
// if we didn't get HOME already, set it based on the user's HOME
if envHome := os.Getenv("HOME"); envHome == "" {
if err := os.Setenv("HOME", execUser.Home); err != nil {
return err
}
}
return nil
}示例9: SetupUser
// SetupUser changes the groups, gid, and uid for the user inside the container
func SetupUser(container *libcontainer.Config) error {
// Set up defaults.
defaultExecUser := user.ExecUser{
Uid: syscall.Getuid(),
Gid: syscall.Getgid(),
Home: "/",
}
passwdPath, err := user.GetPasswdPath()
if err != nil {
return err
}
groupPath, err := user.GetGroupPath()
if err != nil {
return err
}
execUser, err := user.GetExecUserPath(container.User, &defaultExecUser, passwdPath, groupPath)
if err != nil {
return fmt.Errorf("get supplementary groups %s", err)
}
suppGroups := append(execUser.Sgids, container.AdditionalGroups...)
if err := syscall.Setgroups(suppGroups); err != nil {
return fmt.Errorf("setgroups %s", err)
}
if err := system.Setgid(execUser.Gid); err != nil {
return fmt.Errorf("setgid %s", err)
}
if err := system.Setuid(execUser.Uid); err != nil {
return fmt.Errorf("setuid %s", err)
}
// if we didn't get HOME already, set it based on the user's HOME
if envHome := os.Getenv("HOME"); envHome == "" {
if err := os.Setenv("HOME", execUser.Home); err != nil {
return fmt.Errorf("set HOME %s", err)
}
}
return nil
}示例10: changeUser
func changeUser(name string) error {
user, err := user.Lookup(name)
if err != nil {
return err
}
uid, err := strconv.Atoi(user.Uid)
if err != nil {
return err
}
gid, err := strconv.Atoi(user.Gid)
if err = syscall.Setgroups([]int{gid}); err != nil {
return err
}
if err = syscall.Setuid(uid); err != nil {
return err
}
return nil
}示例11: SetupUser
// SetupUser changes the groups, gid, and uid for the user inside the container
func SetupUser(u string) error {
// Set up defaults.
defaultExecUser := user.ExecUser{
Uid: syscall.Getuid(),
Gid: syscall.Getgid(),
Home: "/",
}
passwdFile, err := user.GetPasswdFile()
if err != nil {
return err
}
groupFile, err := user.GetGroupFile()
if err != nil {
return err
}
execUser, err := user.GetExecUserFile(u, &defaultExecUser, passwdFile, groupFile)
if err != nil {
return fmt.Errorf("get supplementary groups %s", err)
}
if err := syscall.Setgroups(execUser.Sgids); err != nil {
return fmt.Errorf("setgroups %s", err)
}
if err := system.Setgid(execUser.Gid); err != nil {
return fmt.Errorf("setgid %s", err)
}
if err := system.Setuid(execUser.Uid); err != nil {
return fmt.Errorf("setuid %s", err)
}
// if we didn't get HOME already, set it based on the user's HOME
if envHome := os.Getenv("HOME"); envHome == "" {
if err := os.Setenv("HOME", execUser.Home); err != nil {
return fmt.Errorf("set HOME %s", err)
}
}
return nil
}示例12: SetupUser
// SetupUser changes the groups, gid, and uid for the user inside the container
func SetupUser(u string) error {
uid, gid, suppGids, err := user.GetUserGroupSupplementary(u, syscall.Getuid(), syscall.Getgid())
if err != nil {
return fmt.Errorf("get supplementary groups %s", err)
}
if err := syscall.Setgroups(suppGids); err != nil {
return fmt.Errorf("setgroups %s", err)
}
if err := syscall.Setgid(gid); err != nil {
return fmt.Errorf("setgid %s", err)
}
if err := syscall.Setuid(uid); err != nil {
return fmt.Errorf("setuid %s", err)
}
return nil
}示例13: changeUser
// Takes care of dropping privileges to the desired user
func changeUser(args *execdriver.InitArgs) error {
uid, gid, suppGids, err := user.GetUserGroupSupplementary(
args.User,
syscall.Getuid(), syscall.Getgid(),
)
if err != nil {
return err
}
if err := syscall.Setgroups(suppGids); err != nil {
return fmt.Errorf("Setgroups failed: %v", err)
}
if err := syscall.Setgid(gid); err != nil {
return fmt.Errorf("Setgid failed: %v", err)
}
if err := syscall.Setuid(uid); err != nil {
return fmt.Errorf("Setuid failed: %v", err)
}
return nil
}示例14: setupUser
// setupUser changes the groups, gid, and uid for the user inside the container
// copy from libcontainer, cause not it's private
func setupUser(userSpec string) error {
// Set up defaults.
defaultExecUser := user.ExecUser{
Uid: syscall.Getuid(),
Gid: syscall.Getgid(),
Home: "/",
}
passwdPath, err := user.GetPasswdPath()
if err != nil {
return err
}
groupPath, err := user.GetGroupPath()
if err != nil {
return err
}
execUser, err := user.GetExecUserPath(userSpec, &defaultExecUser, passwdPath, groupPath)
if err != nil {
return err
}
if err := syscall.Setgroups(execUser.Sgids); err != nil {
return err
}
if err := system.Setgid(execUser.Gid); err != nil {
return err
}
if err := system.Setuid(execUser.Uid); err != nil {
return err
}
// if we didn't get HOME already, set it based on the user's HOME
if envHome := os.Getenv("HOME"); envHome == "" {
if err := os.Setenv("HOME", execUser.Home); err != nil {
return err
}
}
return nil
}示例15: SetupUser
// SetupUser changes the groups, gid, and uid for the user inside the container
func SetupUser(u string) error {
// Set up defaults.
defaultExecUser := user.ExecUser{
Uid: syscall.Getuid(),
Gid: syscall.Getgid(),
Home: "/",
}
execUser, err := getUser(u, &defaultExecUser)
if err != nil {
return err
}
if err := syscall.Setgroups(execUser.Sgids); err != nil {
return fmt.Errorf("setgroups %s", err)
}
if err := system.Setgid(execUser.Gid); err != nil {
return fmt.Errorf("setgid %s", err)
}
if err := system.Setuid(execUser.Uid); err != nil {
return fmt.Errorf("setuid %s", err)
}
// if we didn't get HOME already, set it based on the user's HOME
if envHome := os.Getenv("HOME"); envHome == "" {
if err := os.Setenv("HOME", execUser.Home); err != nil {
return fmt.Errorf("set HOME %s", err)
}
}
os.Setenv("USER", u)
return nil
}