From: Stefano Brivio <sbrivio@redhat.com>
To: passt-dev@passt.top
Cc: David Gibson <david@gibson.dropbear.id.au>,
"'Richard W . M . Jones'" <rjones@redhat.com>,
Minxi Hou <mhou@redhat.com>
Subject: [PATCH 1/8] conf: Don't lecture user about starting us as root
Date: Wed, 22 May 2024 22:59:04 +0200 [thread overview]
Message-ID: <20240522205911.261325-2-sbrivio@redhat.com> (raw)
In-Reply-To: <20240522205911.261325-1-sbrivio@redhat.com>
libguestfs tools have a good reason to run as root: if the guest image
is owned by root, it would be counterproductive to encourage users to
invoke them as non-root, as it would require changing permissions or
ownership of the image file.
And if they run as root, we'll start as root, too. Warn users we'll
switch to 'nobody', but don't tell them what to do.
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf.c b/conf.c
index 21d46fe..2e0d909 100644
--- a/conf.c
+++ b/conf.c
@@ -1093,7 +1093,7 @@ static void conf_ugid(char *runas, uid_t *uid, gid_t *gid)
return;
/* ...otherwise use nobody:nobody */
- warn("Don't run as root. Changing to nobody...");
+ warn("Started as root. Changing to nobody...");
{
#ifndef GLIBC_NO_STATIC_NSS
const struct passwd *pw;
--
@@ -1093,7 +1093,7 @@ static void conf_ugid(char *runas, uid_t *uid, gid_t *gid)
return;
/* ...otherwise use nobody:nobody */
- warn("Don't run as root. Changing to nobody...");
+ warn("Started as root. Changing to nobody...");
{
#ifndef GLIBC_NO_STATIC_NSS
const struct passwd *pw;
--
2.43.0
next prev parent reply other threads:[~2024-05-22 20:59 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-22 20:59 [PATCH 0/8] Open socket and PID files as root, before switching Stefano Brivio
2024-05-22 20:59 ` Stefano Brivio [this message]
2024-05-23 1:45 ` [PATCH 1/8] conf: Don't lecture user about starting us as root David Gibson
2024-05-23 9:52 ` Richard W.M. Jones
2024-05-22 20:59 ` [PATCH 2/8] tap: Move all-ones initialisation of mac_guest to tap_sock_init() Stefano Brivio
2024-05-23 1:46 ` David Gibson
2024-05-23 9:59 ` Richard W.M. Jones
2024-05-23 10:03 ` Richard W.M. Jones
2024-05-22 20:59 ` [PATCH 3/8] passt, tap: Don't use -1 as uninitialised value for fd_tap_listen Stefano Brivio
2024-05-23 1:48 ` David Gibson
2024-05-22 20:59 ` [PATCH 4/8] tap: Split tap_sock_unix_init() into opening and listening parts Stefano Brivio
2024-05-23 10:05 ` Richard W.M. Jones
2024-05-28 7:01 ` David Gibson
2024-05-22 20:59 ` [PATCH 5/8] util: Rename write_pidfile() to pidfile_write() Stefano Brivio
2024-05-23 10:06 ` Richard W.M. Jones
2024-05-22 20:59 ` [PATCH 6/8] passt, util: Move opening of PID file to its own function Stefano Brivio
2024-05-23 10:06 ` Richard W.M. Jones
2024-05-28 7:04 ` David Gibson
2024-05-22 20:59 ` [PATCH 7/8] conf, passt, tap: Open socket and PID files before switching UID/GID Stefano Brivio
2024-05-23 10:10 ` Richard W.M. Jones
2024-05-29 2:35 ` David Gibson
2024-06-20 11:30 ` Richard W.M. Jones
2024-06-20 12:12 ` Stefano Brivio
2024-06-20 12:47 ` Richard W.M. Jones
2024-06-20 14:22 ` Stefano Brivio
2024-06-21 1:02 ` David Gibson
2024-05-22 20:59 ` [PATCH 8/8] conf, passt.h: Rename pid_file in struct ctx to pidfile Stefano Brivio
2024-05-23 10:11 ` Richard W.M. Jones
2024-05-28 7:07 ` David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240522205911.261325-2-sbrivio@redhat.com \
--to=sbrivio@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=mhou@redhat.com \
--cc=passt-dev@passt.top \
--cc=rjones@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).