diff options
author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-12-20 09:58:47 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-20 09:58:47 +0900 |
commit | 8d8d4b092aa94803c01638a2a7343d12f2b2776c (patch) | |
tree | c6316a6403915f6ae8f237c904d01a6e3e5b6083 /src | |
parent | 53a568f327da182164e74eca4892b1f19a3c17b8 (diff) | |
parent | d5e5bc2fe9eaa4697c22b84007f18bda29756573 (diff) | |
download | systemd-8d8d4b092aa94803c01638a2a7343d12f2b2776c.tar.gz |
Merge pull request #25787 from msekletar/rename-process-cap
units: allow systemd-userdbd to change process name
Diffstat (limited to 'src')
-rw-r--r-- | src/basic/argv-util.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/basic/argv-util.c b/src/basic/argv-util.c index 54649f4bda..fe152502fd 100644 --- a/src/basic/argv-util.c +++ b/src/basic/argv-util.c @@ -6,6 +6,7 @@ #include <unistd.h> #include "argv-util.h" +#include "capability-util.h" #include "errno-util.h" #include "missing_sched.h" #include "parse-util.h" @@ -83,12 +84,9 @@ static int update_argv(const char name[], size_t l) { return 0; can_do = false; /* We'll set it to true only if the whole process works */ - /* Let's not bother with this if we don't have euid == 0. Strictly speaking we should check for the - * CAP_SYS_RESOURCE capability which is independent of the euid. In our own code the capability generally is - * present only for euid == 0, hence let's use this as quick bypass check, to avoid calling mmap() if - * PR_SET_MM_ARG_{START,END} fails with EPERM later on anyway. After all geteuid() is dead cheap to call, but - * mmap() is not. */ - if (geteuid() != 0) + /* Calling prctl() with PR_SET_MM_ARG_{START,END} requires CAP_SYS_RESOURCE so let's use this as quick bypass + * check, to avoid calling mmap() should PR_SET_MM_ARG_{START,END} fail with EPERM later on anyway. */ + if (!have_effective_cap(CAP_SYS_RESOURCE)) return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Skipping PR_SET_MM, as we don't have privileges."); |