policycoreutils: sandbox: seunshare: introduce helper spawn_command

Introduce a helper which will spawn children and wait for them to exit so we don't have to keep writing that code over and over. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2024-11-30 15:00:22 +00:00 · 2011-08-05 14:06:34 -04:00 · 2011-08-05 14:06:34 -04:00 · f6558d9cec
commit f6558d9cec
parent bf22cff3ea
1 changed files with 41 additions and 0 deletions
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@ -97,6 +97,47 @@ static int set_signal_handles(void)
 	return 0;
 }

+#define status_to_retval(status,retval) do { \
+	if ((status) == -1) \
+		retval = -1; \
+	else if (WIFEXITED((status))) \
+		retval = WEXITSTATUS((status)); \
+	else if (WIFSIGNALED((status))) \
+		retval = 128 + WTERMSIG((status)); \
+	else \
+		retval = -1; \
+	} while(0)
+
+/**
+ * Spawn external command using system() with dropped privileges.
+ * TODO: avoid system() and use exec*() instead
+ */
+static int spawn_command(const char *cmd, uid_t uid){
+	int child;
+	int status = -1;
+
+	if (verbose > 1)
+		printf("spawn_command: %s\n", cmd);
+
+	child = fork();
+	if (child == -1) {
+		perror(_("Unable to fork"));
+		return status;
+	}
+
+	if (child == 0) {
+		if (drop_privs(uid) != 0) exit(-1);
+
+		status = system(cmd);
+		status_to_retval(status, status);
+		exit(status);
+	}
+
+	waitpid(child, &status, 0);
+	status_to_retval(status, status);
+	return status;
+}
+
 /**
 * This function makes sure the mounted directory is owned by the user executing
 * seunshare.