passt: Static builds: don't redefine __vsyslog(), skip getpwnam() and initgroups()
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
parent
1fd0c9b0e1
commit
2c7d1ce088
5 changed files with 21 additions and 12 deletions
2
Makefile
2
Makefile
|
@ -11,7 +11,7 @@ all: passt pasta passt4netns qrap
|
||||||
avx2: CFLAGS += -Ofast -mavx2 -ftree-vectorize -funroll-loops
|
avx2: CFLAGS += -Ofast -mavx2 -ftree-vectorize -funroll-loops
|
||||||
avx2: clean all
|
avx2: clean all
|
||||||
|
|
||||||
static: CFLAGS += -static
|
static: CFLAGS += -static -DGLIBC_NO_STATIC_NSS
|
||||||
static: clean all
|
static: clean all
|
||||||
|
|
||||||
seccomp.h: *.c $(filter-out seccomp.h,$(wildcard *.h))
|
seccomp.h: *.c $(filter-out seccomp.h,$(wildcard *.h))
|
||||||
|
|
3
conf.c
3
conf.c
|
@ -293,7 +293,8 @@ static void get_dns(struct ctx *c)
|
||||||
if ((fd = open("/etc/resolv.conf", O_RDONLY)) < 0)
|
if ((fd = open("/etc/resolv.conf", O_RDONLY)) < 0)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
while (!(*buf = 0) && line_read(buf, BUFSIZ, fd)) {
|
*buf = 0;
|
||||||
|
while (line_read(buf, BUFSIZ, fd)) {
|
||||||
if (!dns_set && strstr(buf, "nameserver ") == buf) {
|
if (!dns_set && strstr(buf, "nameserver ") == buf) {
|
||||||
p = strrchr(buf, ' ');
|
p = strrchr(buf, ' ');
|
||||||
if (!p)
|
if (!p)
|
||||||
|
|
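Review bot: The new `*buf = 0;` ahead of the loop in get_dns() has no comment explaining why the buffer is now cleared once instead of on every iteration, as the old loop condition did. Judging by the line_read() hunk in util.c, which finds the next line with `p = buf + strlen(buf) + 1`, the buffer content appears to carry the read position between calls, so moving the reset back into the loop would presumably restart parsing of /etc/resolv.conf on each pass. A one-line comment such as `/* line_read() keeps its position in buf: clear it once, before the first call */` would record that. get_dns() starts and ends outside this hunk.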
11
passt.c
11
passt.c
|
@ -212,18 +212,23 @@ static void check_root(void)
|
||||||
close(fd);
|
close(fd);
|
||||||
|
|
||||||
fprintf(stderr, "Don't run this as root. Changing to nobody...\n");
|
fprintf(stderr, "Don't run this as root. Changing to nobody...\n");
|
||||||
|
#ifndef GLIBC_NO_STATIC_NSS
|
||||||
pw = getpwnam("nobody");
|
pw = getpwnam("nobody");
|
||||||
if (!pw) {
|
if (!pw) {
|
||||||
perror("getpwnam");
|
perror("getpwnam");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (initgroups(pw->pw_name, pw->pw_gid) ||
|
if (!initgroups(pw->pw_name, pw->pw_gid) &&
|
||||||
setgid(pw->pw_gid) || setuid(pw->pw_uid)) {
|
!setgid(pw->pw_gid) && !setuid(pw->pw_uid))
|
||||||
|
return;
|
||||||
|
#else
|
||||||
|
(void)pw;
|
||||||
|
#endif
|
||||||
|
|
||||||
fprintf(stderr, "Can't change to user/group nobody, exiting");
|
fprintf(stderr, "Can't change to user/group nobody, exiting");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* drop_caps() - Drop capabilities we might have except for CAP_NET_BIND_SERVICE
|
* drop_caps() - Drop capabilities we might have except for CAP_NET_BIND_SERVICE
|
||||||
|
|
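Review bot: With `GLIBC_NO_STATIC_NSS` defined, the `#else` branch in check_root() contains only `(void)pw;`, so a static binary started as root always falls through to `exit(EXIT_FAILURE)`. That fails closed, which is the safe direction for a privilege drop, but nothing in the code says it is intended. The user sees "Changing to nobody..." followed by "Can't change to user/group nobody, exiting", which reads like a runtime failure rather than a build-time limitation. I would document the branch, e.g. `/* Static builds skip getpwnam()/initgroups(): refuse to run as root rather than continue without dropping privileges */`, so a later edit does not turn the fall-through into a silent continue. check_root() starts before this hunk.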
11
util.c
11
util.c
|
@ -37,7 +37,7 @@
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
#include "passt.h"
|
#include "passt.h"
|
||||||
|
|
||||||
/* For __openlog() and __setlogmask() wrappers, and __vsyslog() (replacement) */
|
/* For __openlog() and __setlogmask() wrappers, and passt_vsyslog() */
|
||||||
static int log_mask;
|
static int log_mask;
|
||||||
static int log_sock = -1;
|
static int log_sock = -1;
|
||||||
static char log_ident[BUFSIZ];
|
static char log_ident[BUFSIZ];
|
||||||
|
@ -56,7 +56,7 @@ void name(const char *format, ...) { \
|
||||||
tp.tv_nsec / (100 * 1000)); \
|
tp.tv_nsec / (100 * 1000)); \
|
||||||
} else { \
|
} else { \
|
||||||
va_start(args, format); \
|
va_start(args, format); \
|
||||||
__vsyslog(level, format, args); \
|
passt_vsyslog(level, format, args); \
|
||||||
va_end(args); \
|
va_end(args); \
|
||||||
} \
|
} \
|
||||||
\
|
\
|
||||||
|
@ -121,12 +121,12 @@ void __setlogmask(int mask)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* __vsyslog() - vsyslog() implementation not using heap memory
|
* passt_vsyslog() - vsyslog() implementation not using heap memory
|
||||||
* @pri: Facility and level map, same as priority for vsyslog()
|
* @pri: Facility and level map, same as priority for vsyslog()
|
||||||
* @format: Same as vsyslog() format
|
* @format: Same as vsyslog() format
|
||||||
* @ap: Same as vsyslog() ap
|
* @ap: Same as vsyslog() ap
|
||||||
*/
|
*/
|
||||||
void __vsyslog(int pri, const char *format, va_list ap)
|
void passt_vsyslog(int pri, const char *format, va_list ap)
|
||||||
{
|
{
|
||||||
char buf[BUFSIZ];
|
char buf[BUFSIZ];
|
||||||
int n;
|
int n;
|
||||||
|
@ -389,6 +389,9 @@ char *line_read(char *buf, size_t len, int fd)
|
||||||
|
|
||||||
p = buf + strlen(buf) + 1;
|
p = buf + strlen(buf) + 1;
|
||||||
|
|
||||||
|
while (*p == '\n' && strlen(p) && (size_t)(p - buf) < len)
|
||||||
|
p++;
|
||||||
|
|
||||||
if (!(nl = strchr(p, '\n')))
|
if (!(nl = strchr(p, '\n')))
|
||||||
return NULL;
|
return NULL;
|
||||||
*nl = 0;
|
*nl = 0;
|
||||||
|
|
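Review bot: In the loop added to line_read(), `while (*p == '\n' && strlen(p) && (size_t)(p - buf) < len)`, the bound on `p` is tested last, so `*p` is read and `strlen(p)` scans forward before the code knows that `p` is still inside the `len`-byte buffer. `p` has just been set to `buf + strlen(buf) + 1`, which the visible lines do not check against `len`, and `strlen(p)` is redundant because it is always non-zero once `*p == '\n'` holds. Testing the bound first and dropping the strlen() call keeps the skipping of empty lines without the extra reads: `while ((size_t)(p - buf) < len && *p == '\n')`. The `strchr(p, '\n')` that follows likewise depends on a terminator being present within the buffer. The rest of line_read() is outside this hunk, so whether that is guaranteed cannot be confirmed from here.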
2
util.h
2
util.h
|
@ -147,7 +147,7 @@ enum bind_type {
|
||||||
struct ctx;
|
struct ctx;
|
||||||
|
|
||||||
void __openlog(const char *ident, int option, int facility);
|
void __openlog(const char *ident, int option, int facility);
|
||||||
void __vsyslog(int pri, const char *fmt, va_list ap);
|
void passt_vsyslog(int pri, const char *fmt, va_list ap);
|
||||||
void __setlogmask(int mask);
|
void __setlogmask(int mask);
|
||||||
char *ipv6_l4hdr(struct ipv6hdr *ip6h, uint8_t *proto);
|
char *ipv6_l4hdr(struct ipv6hdr *ip6h, uint8_t *proto);
|
||||||
int sock_l4(struct ctx *c, int af, uint8_t proto, uint16_t port,
|
int sock_l4(struct ctx *c, int af, uint8_t proto, uint16_t port,
|
||||||
|
|