early: run ubusd non-root as user ubus, group ubus

author Daniel Golle <daniel@makrotopia.org>

Mon, 19 Oct 2020 12:43:23 +0000 (13:43 +0100)

committer Daniel Golle <daniel@makrotopia.org>

Mon, 19 Oct 2020 14:48:30 +0000 (15:48 +0100)
author Daniel Golle <daniel@makrotopia.org>
Mon, 19 Oct 2020 12:43:23 +0000 (13:43 +0100)
committer Daniel Golle <daniel@makrotopia.org>
Mon, 19 Oct 2020 14:48:30 +0000 (15:48 +0100)
diff --git a/service/service.c b/service/service.c

index cabc69cce783e2e44792e3be2d570de8867a1a59..b3286dc9b2235f0b7f8dff46341e12837e65ad5a 100644 (file)
--- a/service/service.c
+++ b/service/service.c
@@ -972,7 +972,7 @@ static struct ubus_object main_object = {
  };
  
  int
-service_start_early(char *name, char *cmdline)
+service_start_early(char *name, char *cmdline, char *user, char *group)
  {
         void *instances, *instance, *command, *respawn;
         char *t;
@@ -993,6 +993,11 @@ service_start_early(char *name, char *cmdline)
         blobmsg_add_string(&b, NULL, "1");
         blobmsg_add_string(&b, NULL, "0");
         blobmsg_close_array(&b, respawn);
+       if (user)
+               blobmsg_add_string(&b, "user", user);
+       if (group)
+               blobmsg_add_string(&b, "group", group);
+
         blobmsg_close_table(&b, instance);
         blobmsg_close_table(&b, instances);
  
diff --git a/service/service.h b/service/service.h

index fac5da9d2d047058d6b81ac179df8d33df05829c..48157ccde051f7d3a4579b94f7ef00b08c69432e 100644 (file)
--- a/service/service.h
+++ b/service/service.h
@@ -55,7 +55,7 @@ struct service {
  void service_validate_add(struct service *s, struct blob_attr *attr);
  void service_validate_dump(struct blob_buf *b, struct service *s);
  void service_validate_dump_all(struct blob_buf *b, char *p, char *s);
-int service_start_early(char *name, char *cmdline);
+int service_start_early(char *name, char *cmdline, char *user, char *group);
  void service_stopped(struct service *s);
  void service_validate_del(struct service *s);
  void service_event(const char *type, const char *service, const char *instance);
diff --git a/state.c b/state.c

index e117ea302f9301fea4e483b23c08676890f0ced4..6ca1d5e77b2cf2b2e044861776585b231a3a50dc 100644 (file)
--- a/state.c
+++ b/state.c
@@ -13,6 +13,7 @@
   */
  
  #include <fcntl.h>
+#include <pwd.h>
  #include <sys/reboot.h>
  #include <stdio.h>
  #include <stdlib.h>
@@ -125,6 +126,7 @@ static void perform_halt()
  static void state_enter(void)
  {
         char ubus_cmd[] = "/sbin/ubusd";
+       struct passwd *p;
  
         switch (state) {
         case STATE_EARLY:
@@ -139,8 +141,13 @@ static void state_enter(void)
                 watchdog_init(0);
                 set_stdio("console");
                 LOG("- ubus -\n");
+               p = getpwnam("ubus");
+               if (p) {
+                       mkdir(p->pw_dir, 0755);
+                       chown(p->pw_dir, p->pw_uid, p->pw_gid);
+               }
                 procd_connect_ubus();
-               service_start_early("ubus", ubus_cmd);
+               service_start_early("ubus", ubus_cmd, p?"ubus":NULL, p?"ubus":NULL);
                 break;
  
         case STATE_INIT:
author	Daniel Golle <daniel@makrotopia.org>
	Mon, 19 Oct 2020 12:43:23 +0000 (13:43 +0100)
committer	Daniel Golle <daniel@makrotopia.org>
	Mon, 19 Oct 2020 14:48:30 +0000 (15:48 +0100)
service/service.c		patch \| blob \| history
service/service.h		patch \| blob \| history
state.c		patch \| blob \| history