#ifndef RESTRICT_ACCESS_H
#define RESTRICT_ACCESS_H

/* Privilege-dropping helpers: change UID/GID and supplementary groups,
   optionally chroot, and control whether the process stays dumpable
   afterwards. The headers that provide uid_t/gid_t, bool and the ATTR_NULL
   macro are not included here; they are expected to come from whatever the
   project includes before this header. */

enum restrict_access_flags {
	/* If flags given to restrict_access() include
	 * RESTRICT_ACCESS_FLAG_ALLOW_ROOT, we won't kill
	 * ourself when we have root privileges. Without the flag the
	 * converse holds: still having root privileges afterwards is
	 * treated as fatal, so the default fails closed. */
	RESTRICT_ACCESS_FLAG_ALLOW_ROOT = 1,
};

struct restrict_access_settings {
	/* UID to use, or (uid_t)-1 if you don't want to change it */
	uid_t uid;
	/* Effective GID to use, or (gid_t)-1 if you don't want to change it */
	gid_t gid;
	/* If not (gid_t)-1, the privileged GID can be temporarily
	   enabled/disabled (see restrict_access_use_priv_gid() and
	   restrict_access_drop_priv_gid() below). */
	gid_t privileged_gid;

	/* Add access to these space or comma -separated extra groups */
	const char *extra_groups;
	/* Add access to groups this system user belongs to */
	const char *system_groups_user;

	/* All specified GIDs must be in this range. If extra_groups or system
	   group user contains other GIDs, they're silently dropped. Because no
	   error is reported for a dropped group, callers that rely on a
	   specific group being present should check the resulting group list. */
	gid_t first_valid_gid, last_valid_gid;

	/* Human readable "source" of UID and GID values. If non-NULL,
	   displayed on error messages about failing to change uid/gid. */
	const char *uid_source, *gid_source;

	/* Chroot directory. Whether NULL means "do not chroot" is not stated
	   in this header — confirm against the implementation. */
	const char *chroot_dir;

	/* Allow running in setuid-root mode, where real UID is root and
	 * effective UID is non-root. By default the real UID is changed
	 * to be the same as the effective UID. Keeping the real UID as root
	 * generally lets the process regain root via setuid(), so leave
	 * this false unless the setuid-root design requires it. */
	bool allow_setuid_root;
};

/* Initialize settings with values that don't change anything. */
void restrict_access_init(struct restrict_access_settings *set);
/* Restrict access as specified by the settings. If home is not NULL,
   it's chdir()ed after chrooting, otherwise it chdirs to / (the chroot).
   ATTR_NULL(3) appears to mark the third parameter (home) as the one that
   may be NULL, consistent with the sentence above. */
void restrict_access(const struct restrict_access_settings *set,
		     enum restrict_access_flags flags, const char *home)
	ATTR_NULL(3);
/* Set environment variables so they can be read with
   restrict_access_by_env(). */
void restrict_access_set_env(const struct restrict_access_settings *set);
/* Read restrict_access_set_env() environments back into struct. */
void restrict_access_get_env(struct restrict_access_settings *set_r);
/* Read restrictions from environment and call restrict_access().
   If flags do not include RESTRICT_ACCESS_FLAG_ALLOW_ROOT, we'll kill ourself
   unless the RESTRICT_* environments caused root privileges to be dropped.
   The environment is the trust boundary here: whoever set the RESTRICT_*
   variables decides which privileges remain, so only a trusted parent
   should populate them. ATTR_NULL(2) marks home as allowed to be NULL. */
void restrict_access_by_env(enum restrict_access_flags flags,
			    const char *home) ATTR_NULL(2);

/* Return the chrooted directory if restrict_access*() chrooted,
   otherwise NULL. */
const char *restrict_access_get_current_chroot(void);

/* Checks if PR_SET_DUMPABLE environment variable is set, and if it is,
   calls restrict_access_set_dumpable(allow). */
void restrict_access_allow_coredumps(bool allow);

/* Sets process dumpable true or false. Setting this true allows core dumping,
   reading /proc/self/io, attaching with PTRACE_ATTACH, and also changes
   ownership of /proc/[pid] directory. In other words, enabling it widens
   who can inspect the process's memory, which matters for a process that
   handles secrets. */
void restrict_access_set_dumpable(bool allow);

/* Gets process dumpability, returns TRUE if not supported, because
   we then assume that constraint is not present. A TRUE result therefore
   does not prove the process is actually dumpable. */
bool restrict_access_get_dumpable(void);

/* If privileged_gid was set, these functions can be used to temporarily
   gain access to the group. The meaning of restrict_access_use_priv_gid()'s
   int return is not documented here — presumably 0 on success and non-zero
   on failure; confirm against the implementation before relying on it. */
int restrict_access_use_priv_gid(void);
void restrict_access_drop_priv_gid(void);
/* Returns TRUE if privileged GID exists for this process. */
bool restrict_access_have_priv_gid(void);

/* Presumably returns the process's group list with the entry count stored
   in *gid_count_r. Ownership of the returned array (caller-freed or
   module-owned) is not specified here — confirm before freeing it. */
gid_t *restrict_get_groups_list(unsigned int *gid_count_r);

/* Presumably releases any state this module holds; not documented here. */
void restrict_access_deinit(void);

#endif