Move runas handling from vl.c to OS specific files.

[qemu.git] / os-posix.c

diff --git a/os-posix.c b/os-posix.c
index 0deddf3e419a16804f28236de33645353e7c40f9..8b686a44e1c54c14be9377fc98152022ca95a8e5 100644 (file)
--- a/os-posix.c
+++ b/os-posix.c
@@ -28,6 +28,7 @@
 #include <signal.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <pwd.h>
 #include <libgen.h>
 
 /* Needed early for CONFIG_BSD etc. */
@@ -36,6 +37,8 @@
 #include "net/slirp.h"
 #include "qemu-options.h"
 
+static struct passwd *user_pwd;
+
 void os_setup_early_signal_handling(void)
 {
     struct sigaction act;
@@ -146,6 +149,31 @@ void os_parse_cmd_args(int index, const char *optarg)
             exit(1);
         break;
 #endif
+    case QEMU_OPTION_runas:
+        user_pwd = getpwnam(optarg);
+        if (!user_pwd) {
+            fprintf(stderr, "User \"%s\" doesn't exist\n", optarg);
+            exit(1);
+        }
+        break;
     }
     return;
 }
+
+void os_change_process_uid(void)
+{
+    if (user_pwd) {
+        if (setgid(user_pwd->pw_gid) < 0) {
+            fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid);
+            exit(1);
+        }
+        if (setuid(user_pwd->pw_uid) < 0) {
+            fprintf(stderr, "Failed to setuid(%d)\n", user_pwd->pw_uid);
+            exit(1);
+        }
+        if (setuid(0) != -1) {
+            fprintf(stderr, "Dropping privileges failed\n");
+            exit(1);
+        }
+    }
+}