From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from imap.gmail.com [173.194.76.109] by localhost with POP3 (fetchmail-6.3.26) for (single-drop); Wed, 22 May 2024 22:59:35 +0200 (CEST) Received: by 2002:a05:6a11:2489:b0:55f:c3c0:ed08 with SMTP id sg9csp910622pxb; Wed, 22 May 2024 13:59:23 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUxiWkn475tjsRBWY+O4pUhZNgL8nu50/Lvdp07/MVO7D+IMMK99zzkNEAxOfnX2Zas7G6/Qpv80KmARXgTgnXAAY6H8AReZbM= X-Google-Smtp-Source: AGHT+IEeVyR/yqcIjyaHW7zVI5hBqI45womOVTcVvVmZVJ8Glhzb4b2l+txW2xbbcAzjbkm+FCEg X-Received: by 2002:a05:620a:4689:b0:78f:108b:68b6 with SMTP id af79cd13be357-794a08f9b76mr83721485a.8.1716411563827; Wed, 22 May 2024 13:59:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1716411563; cv=none; d=google.com; s=arc-20160816; b=ueudIJmhSfO/VF5V1oKHaX/Tdkkvdm+hwioi6vmN2eK36vqN6WSU7YlortivmPK/NC tSAAuc6/JxIsBEWvZSFPOrhRNzBD3xWzy5X8IMBsbNhaD0925AAXCC+lZR5lOnyqRALL OwRQpdRhSxF76/vdkq8EcmRYmm8hloeW5IRqm1GYXERyj7qfjPlWJKReqF8nM/6e0Dwd xEQ9rbkphmXximiZ9M4J1sJ7XEx7RydKo9vj+5Mp+588uQEmOOKxsHwbZ98hM2eTN31H dxxb9hzvGvInIuNIGd2NgaQlP3hZJp6RQP8aB3AkqVFLzb08zuxCHIyNV/0IL7Q/bctR y1WA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:list-unsubscribe:list-subscribe:list-post :list-owner:list-help:list-archive:list-archive:archived-at :archived-at:list-id:precedence:cc:message-id-hash:mime-version :message-id:date:subject:to:from:delivered-to; bh=JPUqWU6LKK5IzsdRsvj6cF61/vrHsYy7rHtM+MOEijQ=; fh=Sda5+ix8pPMDNzAK4mfqRvxwOV3J+P0OHYKuDzXzUCA=; b=W5lTZj2ndTRXutlwxCh6eaE3n588iB4h4x037vQA3aJMfAllWcaXkaU/B3Ae/3+7gI ukjOxcCx2z/06yTxgFRgJE558XDjC8B20CWMiYPKJWCYC6F7A3CIku4fIx0irKQ+ca8w dKtLmRkUspDnlPRH8xRI4r1SycFBDJcA/iAb6/0b/W4EnbHp2FvYie+Z6k3liIxS2VlD /UbcpdDdiT9LUtNb4Uz0iT9rW7V1NqAEOS+GgVJYjbMRshAcGOQ1RRYLdIoKam08/f42 0dQpsdVIk1+eJTxJnruhKSgEMV76UXc0T0Dpy+AzUnpyZ4ijDOtchDhmhPFT00EpEdwZ mSvA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of passt-dev-bounces@passt.top designates 88.198.0.164 as permitted sender) smtp.mailfrom=passt-dev-bounces@passt.top Return-Path: Received: from us-smtp-inbound-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com. [170.10.128.131]) by mx.google.com with ESMTPS id af79cd13be357-792bf33b133si1542652685a.516.2024.05.22.13.59.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 May 2024 13:59:23 -0700 (PDT) Received-SPF: pass (google.com: domain of passt-dev-bounces@passt.top designates 88.198.0.164 as permitted sender) client-ip=88.198.0.164; Authentication-Results: mx.google.com; spf=pass (google.com: domain of passt-dev-bounces@passt.top designates 88.198.0.164 as permitted sender) smtp.mailfrom=passt-dev-bounces@passt.top Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-623-nlqWEmMaOiynY8rsIDjHNg-1; Wed, 22 May 2024 16:59:22 -0400 X-MC-Unique: nlqWEmMaOiynY8rsIDjHNg-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1A9821C05142 for ; Wed, 22 May 2024 20:59:22 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 174677414; Wed, 22 May 2024 20:59:22 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast04.extmail.prod.ext.rdu2.redhat.com [10.11.55.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D36767412 for ; Wed, 22 May 2024 20:59:21 +0000 (UTC) Received: from us-smtp-inbound-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com [170.10.128.131]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BA15B101A525 for ; Wed, 22 May 2024 20:59:21 +0000 (UTC) Received: from passt.top (passt.top [88.198.0.164]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-395-iYj8AHt_PzyWyzgrwJYkTQ-1; Wed, 22 May 2024 16:59:18 -0400 X-MC-Unique: iYj8AHt_PzyWyzgrwJYkTQ-1 Received: from [127.0.0.1] (localhost.localdomain [127.0.0.1]) by passt.top (Postfix) with ESMTP id BC1BB5A0306; Wed, 22 May 2024 22:59:14 +0200 (CEST) Received: by passt.top (Postfix, from userid 1000) id B51B95A0305; Wed, 22 May 2024 22:59:11 +0200 (CEST) From: Stefano Brivio To: passt-dev@passt.top Subject: [PATCH 0/8] Open socket and PID files as root, before switching Date: Wed, 22 May 2024 22:59:03 +0200 Message-ID: <20240522205911.261325-1-sbrivio@redhat.com> MIME-Version: 1.0 Message-ID-Hash: BQGXE77HFFELZPPQXLQAJQ6GBIT7ILA7 X-Message-ID-Hash: BQGXE77HFFELZPPQXLQAJQ6GBIT7ILA7 X-MailFrom: sbrivio@passt.top X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson , "'Richard W . M . Jones'" , Minxi Hou X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition;Similar Internal Domain=false;Similar Monitored External Domain=false;Custom External Domain=false;Mimecast External Domain=false;Newly Observed Domain=false;Internal User Name=false;Custom Display Name List=false;Reply-to Address Mismatch=false;Targeted Threat Dictionary=false;Mimecast Threat Dictionary=false;Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="US-ASCII"; x-default=true If libguestfs tools run as root, with the 'direct' backend (without libvirt), we'll start as root as well. As guest images might be owned by root, there are valid reasons to use libguestfs tools as root, so be nice to them: open socket and PID files *before* switching to nobody, so that we can still access their paths. Stefano Brivio (8): conf: Don't lecture user about starting us as root tap: Move all-ones initialisation of mac_guest to tap_sock_init() passt, tap: Don't use -1 as uninitialised value for fd_tap_listen tap: Split tap_sock_unix_init() into opening and listening parts util: Rename write_pidfile() to pidfile_write() passt, util: Move opening of PID file to its own function conf, passt, tap: Open socket and PID files before switching UID/GID conf, passt.h: Rename pid_file in struct ctx to pidfile conf.c | 23 +++++++++++++++++++---- passt.c | 17 ++++------------- passt.h | 8 ++++++-- tap.c | 57 +++++++++++++++++++++++++++++++++++---------------------- tap.h | 1 + util.c | 28 +++++++++++++++++++++++++--- util.h | 3 ++- 7 files changed, 92 insertions(+), 45 deletions(-) --=20 2.43.0