This commit is contained in:
2025-04-15 17:52:50 +03:00
parent 6df5baa457
commit 57225e05bd
13 changed files with 176 additions and 152 deletions


@@ -73,6 +73,18 @@ func DropCapsToAlrUser() error {
return EnsureIsAlrUser()
}
func ExitIfCantDropGidToAlr() cli.ExitCoder {
_, gid, err := GetUidGidAlrUser()
if err != nil {
return cliutils.FormatCliExit("cannot get gid alr", err)
}
err = syscall.Setgid(gid)
if err != nil {
return cliutils.FormatCliExit("cannot get setgid alr", err)
}
return nil
}
// ExitIfCantDropCapsToAlrUser attempts to drop capabilities to the already
// running user. Returns a cli.ExitCoder with an error if the operation fails.
// See also [ExitIfCantDropCapsToAlrUserNoPrivs] for a version that also applies
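Review bot: ExitIfCantDropGidToAlr drops only the primary gid via `syscall.Setgid(gid)` and leaves the supplementary group list untouched, so a caller running as root keeps root's supplementary group memberships after this "drop". Clearing them before the Setgid call, `if err := syscall.Setgroups([]int{gid}); err != nil { return cliutils.FormatCliExit("cannot setgroups alr", err) }`, makes the gid drop complete; whether supplementary groups matter for this binary depends on the callers, which are outside the hunk. The error string on the Setgid failure path reads `"cannot get setgid alr"` — nothing is fetched at that point, so `"cannot setgid alr"` describes the failing step. The function is complete within the hunk.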
@@ -85,14 +97,22 @@ func ExitIfCantDropCapsToAlrUser() cli.ExitCoder {
return nil
}
// ExitIfCantDropCapsToAlrUserNoPrivs combines [ExitIfCantDropCapsToAlrUser] with [NoNewPrivs]
func ExitIfCantSetNoNewPrivs() cli.ExitCoder {
if err := NoNewPrivs(); err != nil {
return cliutils.FormatCliExit("error no new privs", err)
}
return nil
}
// ExitIfCantDropCapsToAlrUserNoPrivs combines [ExitIfCantDropCapsToAlrUser] with [ExitIfCantSetNoNewPrivs]
func ExitIfCantDropCapsToAlrUserNoPrivs() cli.ExitCoder {
if err := ExitIfCantDropCapsToAlrUser(); err != nil {
return err
}
if err := NoNewPrivs(); err != nil {
return cliutils.FormatCliExit("error no new privs", err)
if err := ExitIfCantSetNoNewPrivs(); err != nil {
return err
}
return nil