From 9e501962301f8c76b17a8eafc83fc2505c5457c0 Mon Sep 17 00:00:00 2001
From: Josh Stone <jistone@redhat.com>
Date: Fri, 22 May 2009 12:17:45 -0700
Subject: Restore staprun's support for REAL_UID/GID

This is needed for run-stap so that stapio and all child processes can
run as the originally invoking user instead of root.
---
 runtime/staprun/staprun_funcs.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'runtime/staprun')

diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c
index 8da7e7e8..781bb999 100644
--- a/runtime/staprun/staprun_funcs.c
+++ b/runtime/staprun/staprun_funcs.c
@@ -459,8 +459,21 @@ int check_permissions(void)
 #endif
 
 	/* If we're root, we can do anything. */
-	if (getuid() == 0)
+	if (getuid() == 0) {
+		/* ... like overriding the real UID */
+		const char *env_id = getenv("SYSTEMTAP_REAL_UID");
+		if (env_id && setreuid(atoi(env_id), -1))
+			err("WARNING: couldn't set staprun UID to '%s': %s",
+					env_id, strerror(errno));
+
+		/* ... or overriding the real GID */
+		env_id = getenv("SYSTEMTAP_REAL_GID");
+		if (env_id && setregid(atoi(env_id), -1))
+			err("WARNING: couldn't set staprun GID to '%s': %s",
+					env_id, strerror(errno));
+
 		return 1;
+	}
 
 	/* Check permissions for group membership.  */
 	check_groups_rc = check_groups ();
-- 
cgit