[packages/flashpolicyd.git] / flashpolicyd-runas-user.patch

Patch to make flashpolicyd to run as user nobody/nobody with --user nobody
argument.

--
Signed-off-by: Elan Ruusamäe <glen@delfi.ee>

--- flashpolicyd-2.1/flashpolicyd.rb	2009-10-08 00:11:42.000000000 +0300
+++ flashpolicyd-2.1/flashpolicyd~	2010-02-09 19:34:24.850284233 +0200
@@ -60,6 +60,7 @@
     [ '--verbose', '-v', GetoptLong::NO_ARGUMENT],
     [ '--timeout', '-t', GetoptLong::OPTIONAL_ARGUMENT],
     [ '--logfreq', '-l', GetoptLong::OPTIONAL_ARGUMENT],
+    [ '--user', '-u', GetoptLong::OPTIONAL_ARGUMENT],
     [ '--logfile', GetoptLong::REQUIRED_ARGUMENT],
     [ '--help', '-h', GetoptLong::NO_ARGUMENT]
 )
@@ -71,6 +72,7 @@
 @logfreq = 1800
 xmlfile = ""
 logfile = ""
+user = ""
 
 opts.each { |opt, arg|
   case opt
@@ -86,6 +88,8 @@
       exit
     when '--xml'
       xmlfile = arg
+    when '--user'
+      user = arg
     when '--verbose'
       @verbose = true
     when '--maxclients'
@@ -393,6 +397,17 @@
     server = PolicyServer.new(843, "0.0.0.0", @xmldata, @logger, @timeout, @verbose)
     server.start
 
+   # change user after binding to port
+   if (user.length > 0)
+        require 'etc'
+        uid = Etc.getpwnam(user).uid
+        gid = Etc.getpwnam(user).gid
+        # Change process ownership
+        Process.initgroups(user, gid)
+        Process::GID.change_privilege(gid)
+        Process::UID.change_privilege(uid)
+    end
+
     # Send HUP to toggle debug mode or not for a running server
     trap("HUP") {
       server.toggledebug
Commit	Line	Data
c9f6ad73 ER	1	Patch to make flashpolicyd to run as user nobody/nobody with --user nobody
	2	argument.
	3
	4	--
	5	Signed-off-by: Elan Ruusamäe <glen@delfi.ee>
	6
ee211994 ER	7	--- flashpolicyd-2.1/flashpolicyd.rb 2009-10-08 00:11:42.000000000 +0300
	8	+++ flashpolicyd-2.1/flashpolicyd~ 2010-02-09 19:34:24.850284233 +0200
	9	@@ -60,6 +60,7 @@
	10	[ '--verbose', '-v', GetoptLong::NO_ARGUMENT],
	11	[ '--timeout', '-t', GetoptLong::OPTIONAL_ARGUMENT],
	12	[ '--logfreq', '-l', GetoptLong::OPTIONAL_ARGUMENT],
	13	+ [ '--user', '-u', GetoptLong::OPTIONAL_ARGUMENT],
	14	[ '--logfile', GetoptLong::REQUIRED_ARGUMENT],
	15	[ '--help', '-h', GetoptLong::NO_ARGUMENT]
	16	)
	17	@@ -71,6 +72,7 @@
	18	@logfreq = 1800
	19	xmlfile = ""
	20	logfile = ""
	21	+user = ""
	22
	23	opts.each { \|opt, arg\|
	24	case opt
	25	@@ -86,6 +88,8 @@
	26	exit
	27	when '--xml'
	28	xmlfile = arg
	29	+ when '--user'
	30	+ user = arg
	31	when '--verbose'
	32	@verbose = true
	33	when '--maxclients'
	34	@@ -393,6 +397,17 @@
	35	server = PolicyServer.new(843, "0.0.0.0", @xmldata, @logger, @timeout, @verbose)
	36	server.start
	37
c9f6ad73 ER	38	+ # change user after binding to port
c9f6ad73 ER	39	+ if (user.length > 0)
ee211994	40	+ require 'etc'
c9f6ad73 ER	41	+ uid = Etc.getpwnam(user).uid
c9f6ad73 ER	42	+ gid = Etc.getpwnam(user).gid
ee211994 ER	43	+ # Change process ownership
	44	+ Process.initgroups(user, gid)
	45	+ Process::GID.change_privilege(gid)
	46	+ Process::UID.change_privilege(uid)
	47	+ end
	48	+
	49	# Send HUP to toggle debug mode or not for a running server
	50	trap("HUP") {
	51	server.toggledebug