author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-02-16 17:54:18 +0300 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-02-16 17:54:18 +0300 |
commit | a9b41da7fc5a07eae0a72dc7e59f323a73e74a54 (patch) | |
tree | a7bc61ef086855d1e70b65ceef959eaa65494155 /daemon.go | |
parent | 7f12dcc6036f3935688e3fc4be61e8b1596cbc1d (diff) |
Execute unprivileged daemon in chroot
Diffstat (limited to 'daemon.go')
-rw-r--r-- | daemon.go | 31 |
1 files changed, 8 insertions, 23 deletions
@@ -4,17 +4,15 @@ import (
 "crypto/rand"
 "encoding/json"
 "fmt"
+ "io"
 "log"
 "os"
 "os/exec"
 "os/signal"
- "os/user"
 "path/filepath"
- "strconv"
 "syscall"
 "github.com/kardianos/osext"
- "io"
 )
 const daemonRunProgram = "gitlab-pages-unprivileged"
@@ -35,27 +33,12 @@ func daemonMain() {
 os.Exit(0)
 }
-func daemonReexec(cmdUser string, args ...string) (cmd *exec.Cmd, err error) {
+func daemonReexec(uid, gid uint, args ...string) (cmd *exec.Cmd, err error) {
 path, err := osext.Executable()
 if err != nil {
 return
 }
- u, err := user.Lookup(cmdUser)
- if err != nil {
- return
- }
-
- uid, err := strconv.Atoi(u.Uid)
- if err != nil {
- return
- }
-
- gid, err := strconv.Atoi(u.Gid)
- if err != nil {
- return
- }
-
 cmd = &exec.Cmd{
 Path: path,
 Args: args,
@@ -176,22 +159,22 @@ func daemonChroot(cmd *exec.Cmd) (path string, err error) {
 // Update command to use chroot
 cmd.SysProcAttr.Chroot = wd
- cmd.Path = "/" + temporaryExecutable.Name()
+ cmd.Path = temporaryExecutable.Name()
 cmd.Dir = "/"
 path = filepath.Join(wd, temporaryExecutable.Name())
 return
 }
-func daemonize(config appConfig, cmdUser string) {
+func daemonize(config appConfig, uid, gid uint) {
 var err error
 defer func() {
 if err != nil {
 log.Fatalln(err)
 }
 }()
- log.Printf("Running the daemon as unprivileged user: %v...", cmdUser)
+ log.Printf("Running the daemon as unprivileged user (uid:%d, gid: %d)...", uid, gid)
- cmd, err := daemonReexec(cmdUser, daemonRunProgram)
+ cmd, err := daemonReexec(uid, gid, daemonRunProgram)
 if err != nil {
 return
 }
@@ -200,6 +183,7 @@ func daemonize(config appConfig, cmdUser string) {
 // Run daemon in chroot environment
 temporaryExecutable, err := daemonChroot(cmd)
 if err != nil {
+ println("Chroot failed", err)
 return
 }
 defer os.Remove(temporaryExecutable)
@@ -219,6 +203,7 @@ func daemonize(config appConfig, cmdUser string) {
 // Start the process
 if err = cmd.Start(); err != nil {
+ println("Start failed", err)
 return
 }
|
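Review bot: In the second hunk (`@@ -35,27 +33,12 @@`), daemonReexec now takes raw `uid, gid uint` and nothing visible rejects 0, so a missing or defaulted value from the caller would re-exec the "unprivileged" daemon as root. The removed `user.Lookup` path at least failed when the account did not exist; any validation now has to live in the caller, which this diff (limited to daemon.go) does not show. Consider a guard at the top, `if uid == 0 || gid == 0 { return nil, fmt.Errorf("refusing to start daemon with uid %d, gid %d", uid, gid) }`, and a doc comment stating that both ids must be non-zero. The function body continues past the end of the hunk, so how the ids reach the process credentials (including whether supplementary groups are cleared) is not visible here.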
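Review bot: In the third hunk (`@@ -176,22 +159,22 @@`), `cmd.Path = temporaryExecutable.Name()` drops the leading `/`, so if Name() yields a relative name the executable inside the chroot is resolved against `cmd.Dir`, which only works because the next line sets it to `/`. The type of temporaryExecutable is declared above the hunk, so this is inferred from the old `"/" + ...` form. Anchoring the path explicitly, `cmd.Path = filepath.Join("/", temporaryExecutable.Name())`, keeps the exec target fixed to the chroot root even if Dir changes later; otherwise add a comment such as `// relative to cmd.Dir, which must stay "/" inside the chroot`.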
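Review bot: The added `println("Chroot failed", err)` in the fourth hunk (`@@ -200,6 +183,7 @@`) uses the builtin println, which prints an interface value such as `err` as a pair of addresses rather than its message and writes straight to stderr, bypassing the `log` package output used elsewhere in daemonize. The same applies to `println("Start failed", err)` in the fifth hunk (`@@ -219,6 +203,7 @@`). Since the deferred `log.Fatalln(err)` already reports the error, adding context to it would be enough: `err = fmt.Errorf("chroot failed: %v", err)` and `err = fmt.Errorf("start failed: %v", err)` before the respective `return`. daemonize starts and ends outside these hunks.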