[oi-userland.git] / components / sysutils / qemu / patches / 0010-Drop-unnecessary-privileges.patch
1 From 1e3883563faf35dea24bdd07d08d5659211bdeb5 Mon Sep 17 00:00:00 2001
2 From: Andy Fiddaman <illumos@fiddaman.net>
3 Date: Fri, 30 Dec 2022 18:06:57 +0000
4 Subject: Drop unnecessary privileges
6 ---
7 os-posix.c | 41 +++++++++++++++++++++++++++++++++++++++++
8 1 file changed, 41 insertions(+)
10 diff --git a/os-posix.c b/os-posix.c
11 index 4858650c3e..26b7741023 100644
12 --- a/os-posix.c
13 +++ b/os-posix.c
14 @@ -28,6 +28,7 @@
15 #include <pwd.h>
16 #include <grp.h>
17 #include <libgen.h>
18 +#include <priv.h>
20 /* Needed early for CONFIG_BSD etc. */
21 #include "net/slirp.h"
22 @@ -263,6 +264,45 @@ void os_daemonize(void)
26 +/*
27 + * In case qemu is started as root, drop unnecessary privileges.
28 + */
29 +static void
30 +illumos_drop_privileges(void)
32 + priv_set_t *privs, *wantedprivs;
34 + privs = priv_allocset();
35 + wantedprivs = priv_allocset();
37 + if (privs == NULL || wantedprivs == NULL) {
38 + error_report("Unable to allocate privilege sets");
39 + exit(1);
40 + }
42 + if (getppriv(PRIV_PERMITTED, privs) != 0) {
43 + error_report("Failed to retrieve current privileges");
44 + exit(1);
45 + }
47 + priv_basicset(wantedprivs);
48 + priv_delset(wantedprivs, PRIV_FILE_LINK_ANY);
49 + priv_delset(wantedprivs, PRIV_PROC_INFO);
50 + priv_delset(wantedprivs, PRIV_PROC_SESSION);
51 + priv_addset(wantedprivs, PRIV_NET_RAWACCESS); /* VNIC net backend */
52 + priv_intersect(wantedprivs, privs);
54 + if (setppriv(PRIV_SET, PRIV_PERMITTED, privs) != 0 ||
55 + setppriv(PRIV_SET, PRIV_INHERITABLE, privs) != 0 ||
56 + setppriv(PRIV_SET, PRIV_LIMIT, privs) != 0) {
57 + error_report("Failed to reduce privileges");
58 + exit(1);
59 + }
61 + priv_freeset(wantedprivs);
62 + priv_freeset(privs);
65 void os_setup_post(void)
67 int fd = 0;
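Review bot: The set built in illumos_drop_privileges() still carries every other member of the basic set, which on illumos includes PRIV_PROC_FORK and PRIV_PROC_EXEC, and nothing in the hunk says why those stay while PRIV_FILE_LINK_ANY, PRIV_PROC_INFO and PRIV_PROC_SESSION are removed; because this function defines what a compromised emulator process would retain, that rationale belongs in the header comment. If QEMU spawns no child processes after os_setup_post() (an assumption to confirm against helper scripts and `exec:` migration before changing anything), `priv_delset(wantedprivs, PRIV_PROC_FORK);` and `priv_delset(wantedprivs, PRIV_PROC_EXEC);` would tighten the result further. The header comment says "In case qemu is started as root", yet the function runs for every user and also shrinks the inheritable and limit sets, so I would reword it to `/* Reduce the permitted, inheritable and limit sets to the basic set minus what QEMU does not need, plus net_rawaccess for the VNIC backend. */`. The three `error_report()` calls would be easier to triage with `strerror(errno)` appended, since the last one currently cannot tell which of the three `setppriv()` calls failed or why.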
68 @@ -280,6 +320,7 @@ void os_setup_post(void)
70 change_root();
71 change_process_uid();
72 + illumos_drop_privileges();
74 if (daemonize) {
75 uint8_t status = 0;