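// Prepare the current process for becoming the boosted application:
// restore the scheduling priority, drop to the invoker's group and user
// IDs (non-privileged applications only), make the process dumpable,
// reset the OOM-killer adjustment, wire up the invoker's I/O descriptors
// and change into the invoker's working directory.
//
// Failures are reported through Logger::logError and do not abort the
// launch. NOTE(review): a failed setgid()/setuid() therefore leaves the
// launched application running with the booster's IDs; consider failing
// closed here. Supplementary groups are not reset by this function.
void Booster::setEnvironmentBeforeLaunch()
{
    // Possibly restore process priority. getpriority() may legitimately
    // return -1, so errno is the only reliable error indicator.
    errno = 0;
    const int cur_prio = getpriority(PRIO_PROCESS, 0);
    if (!errno && cur_prio < m_appData->priority())
        setpriority(PRIO_PROCESS, 0, m_appData->priority());

    // Currently, we only have two levels of privileges:
    // privileged and non-privileged.
    // Going forward, this could be improved to support
    // a larger range of privileges via ACLs.
    if (!isPrivileged(m_appData)) {
        // The application is not privileged. Drop any user or
        // group ID inherited from the booster, and instead set
        // the user ID and group ID of the calling process.
        //
        // Group IDs are changed first: once setuid() has switched to a
        // non-root user the process can no longer change its group IDs,
        // so the previous uid-then-gid order silently kept the booster's
        // group ID whenever it differed from the invoker's.
        const gid_t target_gid = m_appData->groupId();
        if (getgid() != target_gid && setgid(target_gid) == -1)
            Logger::logError("Failed to set process gid to %d, %s",
                             static_cast<int>(target_gid), strerror(errno));

        // Flip the real group ID forth and back to a dedicated group
        // id to generate an event for policy (re-)classification.
        // Using real ID instead of effective for dropping setgid
        // from calling process (for example lipstick).
        const gid_t orig = getgid();
        if (setegid(m_boosted_gid) == -1)
            Logger::logError("Failed to set effective gid to %d, %s",
                             static_cast<int>(m_boosted_gid), strerror(errno));
        if (setregid(orig, orig) == -1)
            Logger::logError("Failed to set process gid to %d, %s",
                             static_cast<int>(orig), strerror(errno));

        // User ID last, while the group changes above could still be made.
        const uid_t target_uid = m_appData->userId();
        if (getuid() != target_uid && setuid(target_uid) == -1)
            Logger::logError("Failed to set process uid to %d, %s",
                             static_cast<int>(target_uid), strerror(errno));
    }

    // Make sure that boosted application can dump core. This must be
    // done after set[ug]id().
    if (prctl(PR_SET_DUMPABLE, 1) == -1)
        Logger::logError("Failed to make process dumpable, %s", strerror(errno));

    // Reset out-of-memory killer adjustment
    if (!m_appData->disableOutOfMemAdj())
        resetOomAdj();

    // Duplicate I/O descriptors: the invoker's descriptor i becomes
    // descriptor i of this process. A descriptor that already sits at
    // its target index is left alone: dup2(fd, fd) is a no-op and the
    // unconditional close() that used to follow it closed the very
    // descriptor just put in place.
    const auto& fds = m_appData->ioDescriptors();
    for (unsigned int i = 0; i < fds.size(); ++i) {
        const int fd = fds[i];
        if (fd <= 0 || fd == static_cast<int>(i))
            continue;
        if (dup2(fd, static_cast<int>(i)) == -1)
            Logger::logError("Failed to duplicate descriptor %d to %u, %s",
                             fd, i, strerror(errno));
        close(fd);
    }

    // Set PWD: change into the directory the invoker was started from.
    const char * pwd = getenv("PWD");
    if (pwd && chdir(pwd) == -1)
        Logger::logError("Failed to change directory to '%s', %s",
                         pwd, strerror(errno));

    Logger::logDebug("Booster: launching process: '%s' ", m_appData->fileName().c_str());
}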
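// Prepare the current process for becoming the boosted application:
// restore the scheduling priority, drop to the invoker's group and user
// IDs (non-privileged applications only), make the process dumpable,
// reset the OOM-killer adjustment, wire up the invoker's I/O descriptors
// and change into the invoker's working directory.
//
// Failures are reported through Logger::logError and do not abort the
// launch. NOTE(review): a failed setgid()/setuid() therefore leaves the
// launched application running with the booster's IDs; consider failing
// closed here. Supplementary groups are not reset by this function.
void Booster::setEnvironmentBeforeLaunch()
{
    // Possibly restore process priority. getpriority() may legitimately
    // return -1, so errno is the only reliable error indicator.
    errno = 0;
    const int cur_prio = getpriority(PRIO_PROCESS, 0);
    if (!errno && cur_prio < m_appData->priority())
        setpriority(PRIO_PROCESS, 0, m_appData->priority());

    // Currently, we only have two levels of privileges:
    // privileged and non-privileged.
    // Going forward, this could be improved to support
    // a larger range of privileges via ACLs.
    if (!isPrivileged(m_appData)) {
        // The application is not privileged. Drop any user or
        // group ID inherited from the booster, and instead set
        // the user ID and group ID of the calling process.
        //
        // Group ID first: once setuid() has switched to a non-root user
        // the process can no longer change its group IDs, so the previous
        // uid-then-gid order silently kept the booster's group ID
        // whenever it differed from the invoker's.
        //
        // NOTE(review): only the *effective* IDs are compared here; when
        // the effective ID already matches but the real ID differs, the
        // set[ug]id() call is skipped. Confirm this is intended.
        const gid_t target_gid = m_appData->groupId();
        if (getegid() != target_gid && setgid(target_gid) == -1) {
            Logger::logError("Failed to set process gid to %d, errno %d",
                             static_cast<int>(target_gid), errno);
        }
        const uid_t target_uid = m_appData->userId();
        if (geteuid() != target_uid && setuid(target_uid) == -1) {
            Logger::logError("Failed to set process uid to %d, errno %d",
                             static_cast<int>(target_uid), errno);
        }
    }

    // Make sure that boosted application can dump core. This must be
    // done after set[ug]id().
    if (prctl(PR_SET_DUMPABLE, 1) == -1)
        Logger::logError("Failed to make process dumpable, errno %d", errno);

    // Reset out-of-memory killer adjustment
    if (!m_appData->disableOutOfMemAdj())
        resetOomAdj();

    // Duplicate I/O descriptors: the invoker's descriptor i becomes
    // descriptor i of this process. A descriptor that already sits at
    // its target index is left alone: dup2(fd, fd) is a no-op and the
    // unconditional close() that used to follow it closed the very
    // descriptor just put in place.
    const auto& fds = m_appData->ioDescriptors();
    for (unsigned int i = 0; i < fds.size(); ++i) {
        const int fd = fds[i];
        if (fd <= 0 || fd == static_cast<int>(i))
            continue;
        if (dup2(fd, static_cast<int>(i)) == -1)
            Logger::logError("Failed to duplicate descriptor %d to %u, errno %d",
                             fd, i, errno);
        close(fd);
    }

    // Set PWD: change into the directory the invoker was started from.
    const char * pwd = getenv("PWD");
    if (pwd && chdir(pwd) == -1)
        Logger::logError("Failed to change directory to '%s', errno %d", pwd, errno);

    Logger::logDebug("Booster: launching process: '%s' ", m_appData->fileName().c_str());
}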
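// Prepare the current process for becoming the boosted application:
// restore the scheduling priority, switch to the invoker's group and user
// IDs, reset the OOM-killer adjustment, request a splash screen when one
// is configured, make the process dumpable, wire up the invoker's I/O
// descriptors and change into the invoker's working directory.
//
// Failures are reported through Logger::logError and do not abort the
// launch. NOTE(review): a failed setgid()/setuid() therefore leaves the
// launched application running with the booster's IDs; consider failing
// closed here. Supplementary groups are not reset by this function.
void Booster::setEnvironmentBeforeLaunch()
{
    // Possibly restore process priority. getpriority() may legitimately
    // return -1, so errno is the only reliable error indicator.
    errno = 0;
    const int cur_prio = getpriority(PRIO_PROCESS, 0);
    if (!errno && cur_prio < m_appData->priority())
        setpriority(PRIO_PROCESS, 0, m_appData->priority());

    // Set user ID and group ID of calling process if differing
    // from the ones we got from invoker. The group ID is changed first:
    // once setuid() has switched to a non-root user the process can no
    // longer change its group IDs, so the previous uid-then-gid order
    // silently kept the booster's group ID whenever it differed.
    const gid_t target_gid = m_appData->groupId();
    if (getgid() != target_gid && setgid(target_gid) == -1)
        Logger::logError("Failed to set process gid to %d, errno %d",
                         static_cast<int>(target_gid), errno);

    // Flip the effective group ID forth and back to a dedicated group
    // id to generate an event for policy (re-)classification.
    const gid_t orig = getegid();
    if (setegid(m_boosted_gid) == -1)
        Logger::logError("Failed to set effective gid to %d, errno %d",
                         static_cast<int>(m_boosted_gid), errno);
    if (setegid(orig) == -1)
        Logger::logError("Failed to restore effective gid to %d, errno %d",
                         static_cast<int>(orig), errno);

    // User ID last, while the group changes above could still be made.
    const uid_t target_uid = m_appData->userId();
    if (getuid() != target_uid && setuid(target_uid) == -1)
        Logger::logError("Failed to set process uid to %d, errno %d",
                         static_cast<int>(target_uid), errno);

    // Reset out-of-memory killer adjustment
    if (!m_appData->disableOutOfMemAdj())
        resetOomAdj();

    // Request splash screen from mcompositor if needed
    if (m_appData->splashFileName().length() > 0 ||
        m_appData->landscapeSplashFileName().length() > 0) {
        // Construct WM_CLASS from the app absolute path: keep the last
        // path component and capitalise its first letter.
        std::string wmclass(m_appData->appName());
        const size_t pos = wmclass.rfind('/');
        wmclass.erase(0, pos + 1);   // npos + 1 wraps to 0: nothing erased
        // An empty name (no app name, or one ending in '/') used to be
        // written to at index 0, which is undefined behaviour.
        if (!wmclass.empty())
            wmclass[0] = static_cast<char>(toupper(static_cast<unsigned char>(wmclass[0])));

        // Communicate splash data to compositor
        requestSplash(getpid(), wmclass,
                      m_appData->splashFileName(),
                      m_appData->landscapeSplashFileName(),
                      // Compositor can also show an X pixmap as splash,
                      // but this feature is currently not used.
                      std::string(""));
    }

    // Make sure that boosted application can dump core. This must be
    // done after set[ug]id().
    if (prctl(PR_SET_DUMPABLE, 1) == -1)
        Logger::logError("Failed to make process dumpable, errno %d", errno);

    // Duplicate I/O descriptors: the invoker's descriptor i becomes
    // descriptor i of this process. A descriptor that already sits at
    // its target index is left alone: dup2(fd, fd) is a no-op and the
    // unconditional close() that used to follow it closed the very
    // descriptor just put in place.
    const auto& fds = m_appData->ioDescriptors();
    for (unsigned int i = 0; i < fds.size(); ++i) {
        const int fd = fds[i];
        if (fd <= 0 || fd == static_cast<int>(i))
            continue;
        if (dup2(fd, static_cast<int>(i)) == -1)
            Logger::logError("Failed to duplicate descriptor %d to %u, errno %d",
                             fd, i, errno);
        close(fd);
    }

    // Set PWD: change into the directory the invoker was started from.
    const char * pwd = getenv("PWD");
    if (pwd && chdir(pwd) == -1)
        Logger::logError("Failed to change directory to '%s', errno %d", pwd, errno);

    Logger::logDebug("Booster: launching process: '%s' ", m_appData->fileName().c_str());
}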
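// Prepare the current process for becoming the boosted application:
// restore the scheduling priority, switch to the invoker's group and user
// IDs, reset the OOM-killer adjustment, confine the process to the
// application's platform-security credentials (HAVE_CREDS builds),
// request a splash screen when one is configured, make the process
// dumpable, wire up the invoker's I/O descriptors and change into the
// invoker's working directory.
//
// A credential setup failure throws std::runtime_error and aborts the
// launch. Every other failure is only reported through Logger::logError.
// NOTE(review): a failed setgid()/setuid() therefore leaves the launched
// application running with the booster's IDs; consider failing closed
// there as well. Supplementary groups are not reset by this function.
void Booster::setEnvironmentBeforeLaunch()
{
    // Possibly restore process priority. getpriority() may legitimately
    // return -1, so errno is the only reliable error indicator.
    errno = 0;
    const int cur_prio = getpriority(PRIO_PROCESS, 0);
    if (!errno && cur_prio < m_appData->priority())
        setpriority(PRIO_PROCESS, 0, m_appData->priority());

    // Set user ID and group ID of calling process if differing
    // from the ones we got from invoker. The group ID is changed first:
    // once setuid() has switched to a non-root user the process can no
    // longer change its group IDs, so the previous uid-then-gid order
    // silently kept the booster's group ID whenever it differed.
    const gid_t target_gid = m_appData->groupId();
    if (getgid() != target_gid && setgid(target_gid) == -1)
        Logger::logError("Failed to set process gid to %d, errno %d",
                         static_cast<int>(target_gid), errno);

    // Flip the effective group ID forth and back to a dedicated group
    // id to generate an event for policy (re-)classification.
    const gid_t orig = getegid();
    if (setegid(m_boosted_gid) == -1)
        Logger::logError("Failed to set effective gid to %d, errno %d",
                         static_cast<int>(m_boosted_gid), errno);
    if (setegid(orig) == -1)
        Logger::logError("Failed to restore effective gid to %d, errno %d",
                         static_cast<int>(orig), errno);

    // User ID last, while the group changes above could still be made.
    const uid_t target_uid = m_appData->userId();
    if (getuid() != target_uid && setuid(target_uid) == -1)
        Logger::logError("Failed to set process uid to %d, errno %d",
                         static_cast<int>(target_uid), errno);

    // Reset out-of-memory killer adjustment
    if (!m_appData->disableOutOfMemAdj())
        resetOomAdj();

#ifdef HAVE_CREDS
    // filter out invoker-specific credentials
    Booster::filterOutCreds(m_appData->peerCreds());

    // Set application's platform security credentials.
    // creds_confine2() tries first to use application-specific credentials, but if they are missing
    // from the system, it uses credentials inherited from the invoker.
    const int err = creds_confine2(m_appData->fileName().c_str(),
                                   credp_str2flags("set", NULL),
                                   m_appData->peerCreds());
    // The peer credentials are released in every case; only then is the
    // result inspected so that the throw below cannot leak them.
    m_appData->deletePeerCreds();

    if (err < 0) {
        // Credential setup has failed, abort.
        std::string msg("Booster: Failed to setup credentials for launching application: ");
        std::stringstream ss;
        ss << err;
        msg += ss.str();
        throw std::runtime_error(msg);
    }
#endif

    // Request splash screen from mcompositor if needed
    if (m_appData->splashFileName().length() > 0 ||
        m_appData->landscapeSplashFileName().length() > 0) {
        // Construct WM_CLASS from the app absolute path: keep the last
        // path component and capitalise its first letter.
        std::string wmclass(m_appData->appName());
        const size_t pos = wmclass.rfind('/');
        wmclass.erase(0, pos + 1);   // npos + 1 wraps to 0: nothing erased
        // An empty name (no app name, or one ending in '/') used to be
        // written to at index 0, which is undefined behaviour.
        if (!wmclass.empty())
            wmclass[0] = static_cast<char>(toupper(static_cast<unsigned char>(wmclass[0])));

        // Communicate splash data to compositor
        requestSplash(getpid(), wmclass,
                      m_appData->splashFileName(),
                      m_appData->landscapeSplashFileName(),
                      // Compositor can also show an X pixmap as splash,
                      // but this feature is currently not used.
                      std::string(""));
    }

    // Make sure that boosted application can dump core. This must be
    // done after set[ug]id().
    if (prctl(PR_SET_DUMPABLE, 1) == -1)
        Logger::logError("Failed to make process dumpable, errno %d", errno);

    // Duplicate I/O descriptors: the invoker's descriptor i becomes
    // descriptor i of this process. A descriptor that already sits at
    // its target index is left alone: dup2(fd, fd) is a no-op and the
    // unconditional close() that used to follow it closed the very
    // descriptor just put in place.
    const auto& fds = m_appData->ioDescriptors();
    for (unsigned int i = 0; i < fds.size(); ++i) {
        const int fd = fds[i];
        if (fd <= 0 || fd == static_cast<int>(i))
            continue;
        if (dup2(fd, static_cast<int>(i)) == -1)
            Logger::logError("Failed to duplicate descriptor %d to %u, errno %d",
                             fd, i, errno);
        close(fd);
    }

    // Set PWD: change into the directory the invoker was started from.
    const char * pwd = getenv("PWD");
    if (pwd && chdir(pwd) == -1)
        Logger::logError("Failed to change directory to '%s', errno %d", pwd, errno);

    Logger::logDebug("Booster: launching process: '%s' ", m_appData->fileName().c_str());
}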