Use err.h instead of self-implemented error output
This commit is contained in:
parent
13c7aa2ca4
commit
2f56f84214
1 changed files with 14 additions and 20 deletions
34
main.c
34
main.c
|
@ -2,6 +2,7 @@
|
||||||
#define _GNU_SOURCE
|
#define _GNU_SOURCE
|
||||||
#include <sched.h>
|
#include <sched.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
|
#include <err.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
@ -12,12 +13,6 @@
|
||||||
|
|
||||||
pid_t pid_child;
|
pid_t pid_child;
|
||||||
|
|
||||||
void fatal(const char* str, int errcode)
|
|
||||||
{
|
|
||||||
printf("%s (%d)\n", str, errcode);
|
|
||||||
exit(errcode);
|
|
||||||
}
|
|
||||||
|
|
||||||
void drop_root(void)
|
void drop_root(void)
|
||||||
{
|
{
|
||||||
/// Drop root privileges
|
/// Drop root privileges
|
||||||
|
@ -25,15 +20,15 @@ void drop_root(void)
|
||||||
// be able to drop group once we dropped user
|
// be able to drop group once we dropped user
|
||||||
gid_t gid = getgid();
|
gid_t gid = getgid();
|
||||||
if (setresgid(-1,gid,gid) == -1)
|
if (setresgid(-1,gid,gid) == -1)
|
||||||
fatal("Failed to drop root privileges with setresgid", errno);
|
err(errno, "Failed to drop root privileges with setresgid");
|
||||||
|
|
||||||
uid_t uid = getuid();
|
uid_t uid = getuid();
|
||||||
if (setresuid(-1,uid,uid) == -1)
|
if (setresuid(-1,uid,uid) == -1)
|
||||||
fatal("Failed to drop root privileges with setresuid", errno);
|
err(errno, "Failed to drop root privileges with setresuid");
|
||||||
|
|
||||||
// sanity check
|
// sanity check
|
||||||
if (seteuid(0) != -1)
|
if (seteuid(0) != -1)
|
||||||
fatal("Sanity check failed. Able to regain root", 42);
|
errx(1, "Sanity check failed. Able to regain root");
|
||||||
}
|
}
|
||||||
|
|
||||||
struct sigaction forward_signal_descriptor;
|
struct sigaction forward_signal_descriptor;
|
||||||
|
@ -48,8 +43,6 @@ void forward_signal(int sig)
|
||||||
|
|
||||||
int main(int argc, char* const* argv)
|
int main(int argc, char* const* argv)
|
||||||
{
|
{
|
||||||
int err;
|
|
||||||
|
|
||||||
forward_signal_descriptor.sa_flags = SA_RESTART;
|
forward_signal_descriptor.sa_flags = SA_RESTART;
|
||||||
forward_signal_descriptor.sa_handler = &forward_signal;
|
forward_signal_descriptor.sa_handler = &forward_signal;
|
||||||
|
|
||||||
|
@ -64,7 +57,7 @@ int main(int argc, char* const* argv)
|
||||||
// next fork shall be in a new pid namespace
|
// next fork shall be in a new pid namespace
|
||||||
if (unshare(CLONE_NEWPID) != 0)
|
if (unshare(CLONE_NEWPID) != 0)
|
||||||
{
|
{
|
||||||
fatal("Failed to unshare pid namespace", errno);
|
err(errno, "Failed to unshare pid namespace");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Drop root privileges, we only needed those for the unshare call.
|
// Drop root privileges, we only needed those for the unshare call.
|
||||||
|
@ -74,7 +67,7 @@ int main(int argc, char* const* argv)
|
||||||
|
|
||||||
if (pid == -1)
|
if (pid == -1)
|
||||||
{
|
{
|
||||||
fatal("Failed to fork", errno);
|
err(errno, "Failed to fork");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pid != 0)
|
if (pid != 0)
|
||||||
|
@ -94,7 +87,7 @@ int main(int argc, char* const* argv)
|
||||||
int status;
|
int status;
|
||||||
if (waitpid(pid, &status, 0) == -1)
|
if (waitpid(pid, &status, 0) == -1)
|
||||||
{
|
{
|
||||||
fatal("Failed to wait for init process", errno);
|
err(errno, "Failed to wait for init process");
|
||||||
}
|
}
|
||||||
|
|
||||||
return WEXITSTATUS(status);
|
return WEXITSTATUS(status);
|
||||||
|
@ -109,7 +102,7 @@ int main(int argc, char* const* argv)
|
||||||
pid = fork();
|
pid = fork();
|
||||||
if (pid == -1)
|
if (pid == -1)
|
||||||
{
|
{
|
||||||
fatal("Failed to fork in init process", errno);
|
err(errno, "Failed to fork in init process");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pid != 0)
|
if (pid != 0)
|
||||||
|
@ -133,18 +126,19 @@ int main(int argc, char* const* argv)
|
||||||
pid_child = first_child;
|
pid_child = first_child;
|
||||||
if (sigaction(SIGTERM, &forward_signal_descriptor, NULL) == -1)
|
if (sigaction(SIGTERM, &forward_signal_descriptor, NULL) == -1)
|
||||||
{
|
{
|
||||||
fatal("Unable to setup signal forward in init", 1);
|
err(1, "Unable to setup signal forward in init");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int wait_errno;
|
||||||
// wait could be interrupt due to a signal. In that case just call wait again.
|
// wait could be interrupt due to a signal. In that case just call wait again.
|
||||||
do {
|
do {
|
||||||
exited_child = wait(&child_status);
|
exited_child = wait(&child_status);
|
||||||
err = errno;
|
wait_errno = errno;
|
||||||
} while (!(exited_child == first_child || (exited_child == -1 && err == ECHILD)));
|
} while (!(exited_child == first_child || (exited_child == -1 && wait_errno == ECHILD)));
|
||||||
|
|
||||||
if (exited_child == -1)
|
if (exited_child == -1)
|
||||||
{
|
{
|
||||||
return err;
|
err(wait_errno, "Error while waiting for subprocess");
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -159,7 +153,7 @@ int main(int argc, char* const* argv)
|
||||||
|
|
||||||
if (execvp(argv[0], argv) == -1)
|
if (execvp(argv[0], argv) == -1)
|
||||||
{
|
{
|
||||||
fatal("Failed to exec", errno);
|
err(errno, "Failed to exec");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue