From: Stefano Brivio
To: passt-dev@passt.top
Subject: [PATCH 1/8] conf: Don't lecture user about starting us as root
Date: Wed, 22 May 2024 22:59:04 +0200
Message-ID: <20240522205911.261325-2-sbrivio@redhat.com>
In-Reply-To: <20240522205911.261325-1-sbrivio@redhat.com>
References: <20240522205911.261325-1-sbrivio@redhat.com>
CC: David Gibson, "'Richard W . M . Jones'", Minxi Hou
List-Id: Development discussion and patches for passt

libguestfs tools have a good reason to run as root: if the guest image is owned by root, it would be counterproductive to encourage users to invoke them as non-root, as it would require changing permissions or ownership of the image file.

And if they run as root, we'll start as root, too. Warn users we'll switch to 'nobody', but don't tell them what to do.

Reported-by: Richard W.M. Jones Signed-off-by: Stefano Brivio --- conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf.c b/conf.c index 21d46fe..2e0d909 100644 --- a/conf.c +++ b/conf.c @@ -1093,7 +1093,7 @@ static void conf_ugid(char *runas, uid_t *uid, gid_t = *gid) =09=09return; =20 =09/* ...otherwise use nobody:nobody */ -=09warn("Don't run as root. Changing to nobody..."); +=09warn("Started as root. Changing to nobody..."); =09{ #ifndef GLIBC_NO_STATIC_NSS =09=09const struct passwd *pw; --=20 2.43.0
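
Review bot: In the conf_ugid() hunk, the replacement string still goes out through warn(), although it now only reports a fact ("Started as root. Changing to nobody...") and no longer asks the user to change anything. Since the commit message argues that callers such as libguestfs tools start as root for a good reason, it would help to state there why warning severity is kept for what is now the expected path, or to lower it in this patch. A smaller wording point on the same line: the comment directly above says nobody:nobody, so the message could say that the group changes as well as the user.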