summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorTomasz Kramkowski <tomasz@kramkow.ski>2023-01-27 14:22:33 +0000
committerTomasz Kramkowski <tomasz@kramkow.ski>2023-01-27 14:22:33 +0000
commitbdd8126b938de11272f79bb7f512316740469ed7 (patch)
tree5a46eaf4942f4a21552cf606b35effe5ac1c97c4 /src
parent6cef9f0fc159de4c9fd708050ec76adb4e74d390 (diff)
downloadpam_usercg_rust-bdd8126b938de11272f79bb7f512316740469ed7.tar.gz
pam_usercg_rust-bdd8126b938de11272f79bb7f512316740469ed7.tar.xz
pam_usercg_rust-bdd8126b938de11272f79bb7f512316740469ed7.zip
use cap-std
Diffstat (limited to 'src')
-rw-r--r--src/lib.rs26
1 files changed, 14 insertions, 12 deletions
diff --git a/src/lib.rs b/src/lib.rs
index 23f5b79..434eb29 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,9 +1,9 @@
-use libc::mode_t;
-use openat::{Dir, AsPath};
+use cap_std::fs::{Dir, OpenOptions};
use pam::constants::{PamFlag, PamResultCode};
use pam::module::{PamHandle, PamHooks};
use std::ffi::CStr;
use std::io::{ErrorKind, Write};
+use std::path::Path;
use std::process;
const CG_MOUNT: &str = "/sys/fs/cgroup";
@@ -11,17 +11,17 @@ const CG_MOUNT: &str = "/sys/fs/cgroup";
struct PAMUserCG;
pam::pam_hooks!(PAMUserCG);
-fn create_and_open_dir<P: AsPath + Copy>(
- d: &Dir, path: P, mode: mode_t,
+fn create_and_open_dir<P: AsRef<Path> + Copy>(
+ d: &Dir, path: P,
) -> std::io::Result<Dir> {
- match d.create_dir(path, mode) {
+ match d.create_dir(path) {
Ok(()) => Ok(()),
Err(e) => match e.kind() {
ErrorKind::AlreadyExists => Ok(()),
_ => Err(e),
}
}?;
- d.sub_dir(path)
+ d.open_dir(path)
}
struct SessionError;
@@ -29,14 +29,16 @@ struct SessionError;
fn open_session(h: &mut PamHandle) -> Result<(), SessionError> {
let user = h.get_user(None).or(Err(SessionError))?;
let user = users::get_user_by_name(&user).ok_or(SessionError)?;
- let d = Dir::open(CG_MOUNT).or(Err(SessionError))?;
- let d = create_and_open_dir(&d, "user", 0o777).or(Err(SessionError))?;
- let d = create_and_open_dir(&d, &user.uid().to_string(), 0o777)
+ let aa = cap_std::ambient_authority();
+ let d = Dir::open_ambient_dir(CG_MOUNT, aa).or(Err(SessionError))?;
+ let d = create_and_open_dir(&d, "user").or(Err(SessionError))?;
+ let d = create_and_open_dir(&d, &user.uid().to_string())
.or(Err(SessionError))?;
- let d = create_and_open_dir(&d, "leaf", 0o777).or(Err(SessionError))?;
+ let d = create_and_open_dir(&d, "leaf").or(Err(SessionError))?;
let pid = process::id().to_string();
- let mut procs = d.open_file_ex("cgroup.procs", libc::O_WRONLY, 0)
- .or(Err(SessionError))?;
+ let mut options = OpenOptions::new();
+ options.write(true);
+ let mut procs = d.open_with("cgroup.procs", &options).or(Err(SessionError))?;
procs.write_all(pid.as_bytes()).or(Err(SessionError))?;
Ok(())
}