CernVM-FS  2.12.0
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
repository_env.cc
Go to the documentation of this file.
1 
5 #include "cvmfs_config.h"
6 #include "repository.h"
7 
8 #include <sys/capability.h>
9 #include <sys/prctl.h>
10 #include <unistd.h>
11 
12 #include "publish/except.h"
13 #include "util/posix.h"
14 
15 namespace publish {
16 
17 void Env::DropCapabilities() {
18  int retval;
19 
20  // Because the process has file capabilities, its dumpable state is set to
21  // false, which in turn makes the /proc/self/... files owned by root. We
22  // need to reset this to have them owned by the effective UID in order to
23  // set, e.g., uid_map/gid_map of user namespaces.
24  retval = prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
25  if (retval != 0)
26  throw EPublish("cannot clear dumpable state");
27 
28  cap_t caps = cap_get_proc();
29  retval = cap_clear(caps);
30  cap_free(caps);
31  if (retval != 0)
32  throw EPublish("cannot clear process capabilities");
33 }
34 
35 
36 std::string Env::GetEnterSessionDir() {
37  if (SymlinkExists("/.cvmfsenter"))
38  return ResolvePath("/.cvmfsenter");
39  return "";
40 }
41 
42 } // namespace publish
SymlinkExists
bool SymlinkExists(const std::string &path)
Definition: posix.cc:823
prctl
int prctl(int, uint64_t, uint64_t, uint64_t, uint64_t)
Definition: platform_osx.h:317
PR_SET_DUMPABLE
#define PR_SET_DUMPABLE
Definition: platform_osx.h:318
cvmfs_suid::ResolvePath
string ResolvePath(const std::string &path)
Definition: cvmfs_suid_util.cc:68