Date: Thu, 16 Feb 2023 16:38:10 +1100
From: David Gibson
To: Laine Stump
CC: passt-dev@passt.top
Subject: Re: [PATCH v4 6/9] make conf_ugid() exit immediately after logging error
References: <20230215082437.110151-1-laine@redhat.com> <20230215082437.110151-7-laine@redhat.com>
In-Reply-To: <20230215082437.110151-7-laine@redhat.com>
List-Id: Development discussion and patches for passt

On Wed, Feb 15, 2023 at 03:24:34AM -0500, Laine Stump wrote:
> Again, it can then be made to return void, simplifying the caller.
>
> Signed-off-by: Laine Stump

Reviewed-by: David Gibson

> --- > conf.c | 27 +++++++++------------------ > 1 file changed, 9 insertions(+), 18 deletions(-) >=20 > diff --git a/conf.c b/conf.c > index c7ed64c..19020f9 100644 > --- a/conf.c > +++ b/conf.c 
> @@ -995,22 +995,18 @@ static int conf_runas(char *opt, unsigned int *uid,= unsigned int *gid) > * @runas: --runas option, may be NULL > * @uid: User ID, set on success > * @gid: Group ID, set on success > - * > - * Return: 0 on success, negative error code on failure > */ > -static int conf_ugid(char *runas, uid_t *uid, gid_t *gid) > +static void conf_ugid(char *runas, uid_t *uid, gid_t *gid) > { > const char root_uid_map[] =3D " 0 0 4294967295"; > char buf[BUFSIZ]; > - int ret; > int fd; > =20 > /* If user has specified --runas, that takes precedence... */ > if (runas) { > - ret =3D conf_runas(runas, uid, gid); > - if (ret) > - err("Invalid --runas option: %s", runas); > - return ret; > + if (conf_runas(runas, uid, gid)) > + die("Invalid --runas option: %s", runas); > + return; > } > =20 > /* ...otherwise default to current user and group... */ > @@ -1019,20 +1015,18 @@ static int conf_ugid(char *runas, uid_t *uid, gid= _t *gid) > =20 > /* ...as long as it's not root... */ > if (*uid) > - return 0; > + return; > =20 > /* ...or at least not root in the init namespace... */ > if ((fd =3D open("/proc/self/uid_map", O_RDONLY | O_CLOEXEC)) < 0) { > - ret =3D -errno; > - err("Can't determine if we're in init namespace: %s", > - strerror(-ret)); > - return ret; > + die("Can't determine if we're in init namespace: %s", > + strerror(errno)); > } > =20 > if (read(fd, buf, BUFSIZ) !=3D sizeof(root_uid_map) || > strncmp(buf, root_uid_map, sizeof(root_uid_map) - 1)) { > close(fd); > - return 0; > + return; > } > =20 > close(fd); > @@ -1056,7 +1050,6 @@ static int conf_ugid(char *runas, uid_t *uid, gid_t= *gid) > *uid =3D *gid =3D 65534; > #endif > } > - return 0; > } > =20 > /** 
> @@ -1520,9 +1513,7 @@ void conf(struct ctx *c, int argc, char **argv) > if (*c->sock_path && c->fd_tap >=3D 0) > die("Options --socket and --fd are mutually exclusive"); > =20 > - ret =3D conf_ugid(runas, &uid, &gid); > - if (ret) > - usage(argv[0]); > + conf_ugid(runas, &uid, &gid); > =20 > if (logfile) { > logfile_init(c->mode =3D=3D MODE_PASST ? "passt" : "pasta", 

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
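
Review bot: the kernel-doc block above conf_ugid() in the @@ -995 hunk loses its "Return:" line without gaining any statement that the function now terminates the process on failure. With the return type changed to void, someone reading only the comment cannot tell that the invalid --runas path ends in die() rather than returning; a one-line remark in the comment that the function does not return on error would cover it.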
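
Review bot: in the @@ -1019 hunk, a failed open() of /proc/self/uid_map is now fatal, but a read() that returns -1 still takes the same branch as a uid_map that does not match root_uid_map: close(fd) followed by a plain return, at a point that is only reached when *uid is 0. If continuing as uid 0 after a read error is not intended, the read() result could be checked on its own and passed to die() like the open() error, leaving the silent return for the length or strncmp() mismatch only. The braces around the now single die() statement in the open() branch can also go.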
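
Review bot: the @@ -1520 hunk removes the usage(argv[0]) call that conf() made when conf_ugid() failed, so an invalid --runas value now produces only the die() message; the commit message mentions the void return but not this change in what the user sees, and it is worth a sentence there. Also check that ret in conf() still has other users after this hunk, since the visible lines remove an assignment to it.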