def _dropPrivs(self): if os.getuid(): # Nothing we can do here. return if self.capabilities: # libcap isn't available in chrooted environments, so don't import # it unless we're actually going to use it. from rmake.lib import pycap if self.user: pwent = pwd.getpwnam(self.user) if self.groups: groupIds = [] for group in self.groups: grpent = grp.getgrnam(group) groupIds.append(grpent.gr_gid) os.setgroups(groupIds) else: os.setgroups([]) if self.capabilities: pycap.set_keepcaps(True) os.setgid(pwent.pw_gid) os.setuid(pwent.pw_uid) if self.capabilities: pycap.cap_set_proc(self.capabilities)
def start(self, fork=True): if not os.getuid(): # libcap isn't available in the chroot, so delay importing # until here. from rmake.lib import pycap if self.user: pwent = pwd.getpwnam(self.user) if self.groups: groupIds = [] for group in self.groups: grpent = grp.getgrnam(group) groupIds.append(grpent.gr_gid) os.setgroups(groupIds) else: os.setgroups([]) if self.capabilities: pycap.set_keepcaps(True) os.setgid(pwent.pw_gid) os.setuid(pwent.pw_uid) if self.capabilities: pycap.cap_set_proc(self.capabilities) logPath = os.path.join(self.cfg.logDir, "%s.log" % self.name) try: self.logger.logToFile(logPath) except EnvironmentError, e: # this should handle most permission problems nicely self.logger.error('Could not open logfile: %s' % (e)) return 1