passt: Static builds: don't redefine __vsyslog(), skip getpwnam() and initgroups()

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Stefano Brivio 2021-10-16 06:15:05 +02:00
parent 1fd0c9b0e1
commit 2c7d1ce088
5 changed files with 21 additions and 12 deletions


@ -11,7 +11,7 @@ all: passt pasta passt4netns qrap
avx2: CFLAGS += -Ofast -mavx2 -ftree-vectorize -funroll-loops avx2: CFLAGS += -Ofast -mavx2 -ftree-vectorize -funroll-loops
avx2: clean all avx2: clean all
static: CFLAGS += -static static: CFLAGS += -static -DGLIBC_NO_STATIC_NSS
static: clean all static: clean all
seccomp.h: *.c $(filter-out seccomp.h,$(wildcard *.h)) seccomp.h: *.c $(filter-out seccomp.h,$(wildcard *.h))

3
conf.c

@ -293,7 +293,8 @@ static void get_dns(struct ctx *c)
if ((fd = open("/etc/resolv.conf", O_RDONLY)) < 0) if ((fd = open("/etc/resolv.conf", O_RDONLY)) < 0)
goto out; goto out;
while (!(*buf = 0) && line_read(buf, BUFSIZ, fd)) { *buf = 0;
while (line_read(buf, BUFSIZ, fd)) {
if (!dns_set && strstr(buf, "nameserver ") == buf) { if (!dns_set && strstr(buf, "nameserver ") == buf) {
p = strrchr(buf, ' '); p = strrchr(buf, ' ');
if (!p) if (!p)

11
passt.c

@ -212,18 +212,23 @@ static void check_root(void)
close(fd); close(fd);
fprintf(stderr, "Don't run this as root. Changing to nobody...\n"); fprintf(stderr, "Don't run this as root. Changing to nobody...\n");
#ifndef GLIBC_NO_STATIC_NSS
pw = getpwnam("nobody"); pw = getpwnam("nobody");
if (!pw) { if (!pw) {
perror("getpwnam"); perror("getpwnam");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if (initgroups(pw->pw_name, pw->pw_gid) || if (!initgroups(pw->pw_name, pw->pw_gid) &&
setgid(pw->pw_gid) || setuid(pw->pw_uid)) { !setgid(pw->pw_gid) && !setuid(pw->pw_uid))
return;
#else
(void)pw;
#endif
fprintf(stderr, "Can't change to user/group nobody, exiting"); fprintf(stderr, "Can't change to user/group nobody, exiting");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
}
/** /**
* drop_caps() - Drop capabilities we might have except for CAP_NET_BIND_SERVICE * drop_caps() - Drop capabilities we might have except for CAP_NET_BIND_SERVICE
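Review bot: With GLIBC_NO_STATIC_NSS defined, check_root() still prints "Don't run this as root. Changing to nobody..." before the `#ifndef` and then falls straight through to "Can't change to user/group nobody, exiting", so a static binary started as root always exits with a message that reads like a failed attempt rather than a deliberate refusal. Exiting instead of continuing as root is the safe outcome, but the `#else` branch should state it, for example `/* Static build: no NSS lookup for "nobody", refuse to run as root */`, and the "Changing to nobody..." message could move inside the `#ifndef` block. The final fprintf() format string also lacks a trailing `\n`. check_root() begins above this hunk, so the condition that leads to this path is not visible here.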

11
util.c

@ -37,7 +37,7 @@
#include "util.h" #include "util.h"
#include "passt.h" #include "passt.h"
/* For __openlog() and __setlogmask() wrappers, and __vsyslog() (replacement) */ /* For __openlog() and __setlogmask() wrappers, and passt_vsyslog() */
static int log_mask; static int log_mask;
static int log_sock = -1; static int log_sock = -1;
static char log_ident[BUFSIZ]; static char log_ident[BUFSIZ];
@ -56,7 +56,7 @@ void name(const char *format, ...) { \
tp.tv_nsec / (100 * 1000)); \ tp.tv_nsec / (100 * 1000)); \
} else { \ } else { \
va_start(args, format); \ va_start(args, format); \
__vsyslog(level, format, args); \ passt_vsyslog(level, format, args); \
va_end(args); \ va_end(args); \
} \ } \
\ \
@ -121,12 +121,12 @@ void __setlogmask(int mask)
} }
/** /**
* __vsyslog() - vsyslog() implementation not using heap memory * passt_vsyslog() - vsyslog() implementation not using heap memory
* @pri: Facility and level map, same as priority for vsyslog() * @pri: Facility and level map, same as priority for vsyslog()
* @format: Same as vsyslog() format * @format: Same as vsyslog() format
* @ap: Same as vsyslog() ap * @ap: Same as vsyslog() ap
*/ */
void __vsyslog(int pri, const char *format, va_list ap) void passt_vsyslog(int pri, const char *format, va_list ap)
{ {
char buf[BUFSIZ]; char buf[BUFSIZ];
int n; int n;
@ -389,6 +389,9 @@ char *line_read(char *buf, size_t len, int fd)
p = buf + strlen(buf) + 1; p = buf + strlen(buf) + 1;
while (*p == '\n' && strlen(p) && (size_t)(p - buf) < len)
p++;
if (!(nl = strchr(p, '\n'))) if (!(nl = strchr(p, '\n')))
return NULL; return NULL;
*nl = 0; *nl = 0;
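Review bot: The skip loop added to line_read() reads `*p` before it tests `(size_t)(p - buf) < len`, so if `strlen(buf)` can reach `len - 1` the pointer already sits at `buf + len` and is dereferenced before the bound is checked; the bound should come first. The `strlen(p)` term is redundant, since it is always non-zero once `*p == '\n'` holds, and it rescans the rest of the buffer on every iteration. I would write the condition as `while ((size_t)(p - buf) < len && *p == '\n')`. The `strchr(p, '\n')` that follows is likewise not limited by `len` and depends on a NUL terminator set up outside this hunk; line_read() starts and ends outside the hunk, so that may already be guaranteed there.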

2
util.h

@ -147,7 +147,7 @@ enum bind_type {
struct ctx; struct ctx;
void __openlog(const char *ident, int option, int facility); void __openlog(const char *ident, int option, int facility);
void __vsyslog(int pri, const char *fmt, va_list ap); void passt_vsyslog(int pri, const char *fmt, va_list ap);
void __setlogmask(int mask); void __setlogmask(int mask);
char *ipv6_l4hdr(struct ipv6hdr *ip6h, uint8_t *proto); char *ipv6_l4hdr(struct ipv6hdr *ip6h, uint8_t *proto);
int sock_l4(struct ctx *c, int af, uint8_t proto, uint16_t port, int sock_l4(struct ctx *c, int af, uint8_t proto, uint16_t port,