Skip to content

Commit

Permalink
chore: Use geteuid() instead of getuid() to check privilege
Browse files Browse the repository at this point in the history
  • Loading branch information
ruihe774 committed Dec 18, 2024
1 parent f0461d8 commit 1586d24
Show file tree
Hide file tree
Showing 6 changed files with 14 additions and 5 deletions.
2 changes: 1 addition & 1 deletion src/libostree/ostree-bootloader-zipl.c
Original file line number Diff line number Diff line change
Expand Up @@ -432,7 +432,7 @@ _ostree_bootloader_zipl_post_bls_sync (OstreeBootloader *bootloader, int bootver
// This can happen in a unit testing environment; at some point what we want to do here
// is move all of the zipl logic to a systemd unit instead that's keyed of
// ostree-finalize-staged.service.
if (getuid () != 0)
if (!ot_util_process_privileged ())
return TRUE;

// If we're in a booted deployment, we don't need to spawn a container.
Expand Down
2 changes: 1 addition & 1 deletion src/libostree/ostree-repo-commit.c
Original file line number Diff line number Diff line change
Expand Up @@ -1658,7 +1658,7 @@ ostree_repo_prepare_transaction (OstreeRepo *self, gboolean *out_transaction_res
self->reserved_blocks = reserved_bytes / self->txn.blocksize;

/* Use the appropriate free block count if we're unprivileged */
guint64 bfree = (getuid () != 0 ? stvfsbuf.f_bavail : stvfsbuf.f_bfree);
guint64 bfree = (ot_util_process_privileged () ? stvfsbuf.f_bfree : stvfsbuf.f_bavail);
if (bfree > self->reserved_blocks)
self->txn.max_blocks = bfree - self->reserved_blocks;
else
Expand Down
2 changes: 1 addition & 1 deletion src/libostree/ostree-sysroot.c
Original file line number Diff line number Diff line change
Expand Up @@ -263,7 +263,7 @@ _ostree_sysroot_enter_mount_namespace (OstreeSysroot *self, GCancellable *cancel
return TRUE;

/* Do nothing if we're not privileged */
if (getuid () != 0)
if (!ot_util_process_privileged ())
return TRUE;

/* We also assume operating on non-booted roots won't have a readonly sysroot */
Expand Down
7 changes: 7 additions & 0 deletions src/libotutil/ot-unix-utils.c
Original file line number Diff line number Diff line change
Expand Up @@ -102,3 +102,10 @@ ot_util_path_split_validate (const char *path, GPtrArray **out_components, GErro
ot_transfer_out_value (out_components, &ret_components);
return TRUE;
}

/* Check if current process is privileged */
gboolean
ot_util_process_privileged (void)
{
return geteuid() == 0;
}
2 changes: 2 additions & 0 deletions src/libotutil/ot-unix-utils.h
Original file line number Diff line number Diff line change
Expand Up @@ -39,4 +39,6 @@ gboolean ot_util_filename_validate (const char *name, GError **error);

gboolean ot_util_path_split_validate (const char *path, GPtrArray **out_components, GError **error);

gboolean ot_util_process_privileged (void);

G_END_DECLS
4 changes: 2 additions & 2 deletions src/ostree/ot-main.c
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ maybe_setup_mount_namespace (gboolean *out_ns, GError **error)
*out_ns = FALSE;

/* If we're not root, then we almost certainly can't be remounting anything */
if (getuid () != 0)
if (!ot_util_process_privileged ())
return TRUE;

/* If the system isn't booted via libostree, also nothing to do */
Expand Down Expand Up @@ -580,7 +580,7 @@ ostree_admin_sysroot_load (OstreeSysroot *sysroot, OstreeAdminBuiltinFlags flags
/* Only require root if we're manipulating a booted sysroot. (Mostly
* useful for the test suite)
*/
if (booted && getuid () != 0)
if (booted && !ot_util_process_privileged ())
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
"You must be root to perform this command");
Expand Down

0 comments on commit 1586d24

Please sign in to comment.