author | Tomasz Kramkowski <tomasz@kramkow.ski> | 2023-01-27 14:22:33 +0000 |
---|---|---|
committer | Tomasz Kramkowski <tomasz@kramkow.ski> | 2023-01-27 14:22:33 +0000 |
commit | bdd8126b938de11272f79bb7f512316740469ed7 (patch) | |
tree | 5a46eaf4942f4a21552cf606b35effe5ac1c97c4 /src | |
parent | 6cef9f0fc159de4c9fd708050ec76adb4e74d390 (diff) | |
use cap-std
Diffstat (limited to 'src')
-rw-r--r-- | src/lib.rs | 26 |
1 files changed, 14 insertions, 12 deletions
@@ -1,9 +1,9 @@
-use libc::mode_t;
-use openat::{Dir, AsPath};
+use cap_std::fs::{Dir, OpenOptions};
 use pam::constants::{PamFlag, PamResultCode};
 use pam::module::{PamHandle, PamHooks};
 use std::ffi::CStr;
 use std::io::{ErrorKind, Write};
+use std::path::Path;
 use std::process;
 const CG_MOUNT: &str = "/sys/fs/cgroup";
@@ -11,17 +11,17 @@ const CG_MOUNT: &str = "/sys/fs/cgroup";
 struct PAMUserCG;
 pam::pam_hooks!(PAMUserCG);
-fn create_and_open_dir<P: AsPath + Copy>(
- d: &Dir, path: P, mode: mode_t,
+fn create_and_open_dir<P: AsRef<Path> + Copy>(
+ d: &Dir, path: P,
 ) -> std::io::Result<Dir> {
- match d.create_dir(path, mode) {
+ match d.create_dir(path) {
 Ok(()) => Ok(()),
 Err(e) => match e.kind() {
 ErrorKind::AlreadyExists => Ok(()),
 _ => Err(e),
 }
 }?;
- d.sub_dir(path)
+ d.open_dir(path)
 }
 struct SessionError;
@@ -29,14 +29,16 @@ struct SessionError;
 fn open_session(h: &mut PamHandle) -> Result<(), SessionError> {
 let user = h.get_user(None).or(Err(SessionError))?;
 let user = users::get_user_by_name(&user).ok_or(SessionError)?;
- let d = Dir::open(CG_MOUNT).or(Err(SessionError))?;
- let d = create_and_open_dir(&d, "user", 0o777).or(Err(SessionError))?;
- let d = create_and_open_dir(&d, &user.uid().to_string(), 0o777)
+ let aa = cap_std::ambient_authority();
+ let d = Dir::open_ambient_dir(CG_MOUNT, aa).or(Err(SessionError))?;
+ let d = create_and_open_dir(&d, "user").or(Err(SessionError))?;
+ let d = create_and_open_dir(&d, &user.uid().to_string())
 .or(Err(SessionError))?;
- let d = create_and_open_dir(&d, "leaf", 0o777).or(Err(SessionError))?;
+ let d = create_and_open_dir(&d, "leaf").or(Err(SessionError))?;
 let pid = process::id().to_string();
- let mut procs = d.open_file_ex("cgroup.procs", libc::O_WRONLY, 0)
- .or(Err(SessionError))?;
+ let mut options = OpenOptions::new();
+ options.write(true);
+ let mut procs = d.open_with("cgroup.procs", &options).or(Err(SessionError))?;
 procs.write_all(pid.as_bytes()).or(Err(SessionError))?;
 Ok(())
 } |
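Review bot: With the `mode` parameter removed from `create_and_open_dir`, the permissions of a newly created directory are no longer visible at the call site; they now come from whatever `create_dir` defaults to, presumably still filtered by the process umask. An `AlreadyExists` result is also accepted without inspecting the existing entry, so the function relies on `open_dir` to fail for anything that is not a directory. Both points belong in a doc comment on the function, for example `/// Creates path under d if it is missing and opens it; an existing entry is reused as-is and new directories get the library's default permissions.`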
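Review bot: Nothing in `open_session` confirms that `CG_MOUNT` is actually a cgroup filesystem before the three `create_and_open_dir` calls run. On a host where it is not mounted, the module (which presumably runs privileged under PAM) could leave ordinary `user/<uid>/leaf` directories behind and only fail at the `cgroup.procs` open, since `options` does not request creation. Checking the filesystem type of the handle returned by `Dir::open_ambient_dir` before creating anything would turn that into a clean early failure. The `ambient_authority()` call is the one place where unrestricted path access is taken and deserves a comment such as `// Only ambient-authority use: every later path resolves relative to the CG_MOUNT handle.` Every failure still collapses into `SessionError` without a log line, which makes a refused session hard to diagnose.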