security: add cr_fchown

Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

security: add cr_fchown
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
09c3f5d0 · Ruslan Kuprieiev · Pavel Emelyanov · df301b7e · 09c3f5d0 · 09c3f5d0
Commit 09c3f5d0 authored Jan 29, 2015 by Ruslan Kuprieiev Committed by Pavel Emelyanov Feb 10, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 0 deletions

security.h include/security.h +1 -0

security.c security.c +13 -0

No files found.
--- a/include/security.h
+++ b/include/security.h
@@ -8,5 +8,6 @@ extern int restrict_uid(unsigned int uid, unsigned int gid);
 extern bool may_dump(struct proc_status_creds *);
 extern bool may_restore(struct _CredsEntry *);
 extern bool cr_user_is_root(void);
+extern int cr_fchown(int fd);
 #endif /* __CR_SECURITY_H__ */
--- a/security.c
+++ b/security.c
@@ -169,3 +169,16 @@ bool may_restore(CredsEntry *creds)
 		check_groups(creds->groups, creds->n_groups) &&
 		check_caps(creds->cap_inh, creds->cap_eff, creds->cap_prm);
 }
+int cr_fchown(int fd)
+{
+	if (cr_user_is_root())
+		return 0;
+	if (fchown(fd, cr_uid, cr_gid)) {
+		pr_perror("Can't chown to (%u,%u)", cr_uid, cr_gid);
+		return -1;
+	}
+	return 0;
+}