"/usr/bin/afb-daemon",
"--alias=/icons:%I",
"--port=%P",
- "--rootdir=%D",
+ "--rootdir=%r",
"--token=%S",
NULL
};
};
static const char *args_for_web_runtime[] = {
- "/usr/share/qt5/examples/webkitwidgets/browser/browser",
+ "/usr/bin/web-runtime",
"http://localhost:%P/%c?token=%S",
NULL
};
const char **slave_args;
};
+static gid_t groupid = 0;
+
static char **instantiate_arguments(const char **args, struct afm_launch_desc *desc, struct launchparam *params)
{
const char **iter, *p, *v;
}
/********* in the master child ************/
+
+ /* avoid set-gid effect */
+ setresgid(groupid, groupid, groupid);
+
/* enter the process group */
rc = setpgid(0, 0);
if (rc) {
close(spipe[0]);
/* wait the ready signal (that transmit the slave pid) */
rc = read(mpipe[0], &children[1], sizeof children[1]);
- if (rc < 0) {
+ close(mpipe[0]);
+ if (rc <= 0) {
ERROR("reading master pipe failed: %m");
- close(mpipe[0]);
close(spipe[1]);
return -1;
}
- close(mpipe[0]);
assert(rc == sizeof children[1]);
/* start the child */
rc = write(spipe[1], "start", 5);
close(mpipe[0]);
close(spipe[1]);
+ /* avoid set-gid effect */
+ setresgid(groupid, groupid, groupid);
+
/* enter the process group */
rc = setpgid(0, 0);
if (rc) {
/********* in the slave child ************/
close(mpipe[0]);
rc = read(spipe[0], message, sizeof message);
- if (rc < 0) {
+ if (rc <= 0) {
ERROR("reading slave pipe failed: %m");
_exit(1);
}
}
else {
rc = write(mpipe[1], &children[1], sizeof children[1]);
- if (rc < 0) {
+ if (rc <= 0) {
ERROR("can't write master pipe: %m");
}
else {
_exit(1);
}
+static void afm_launch_init_group()
+{
+ if (!groupid) {
+ gid_t r, e, s;
+ getresgid(&r, &e, &s);
+ if (s && s != e)
+ groupid = s;
+ else
+ groupid = -1;
+ }
+}
+
int afm_launch(struct afm_launch_desc *desc, pid_t children[2])
{
char datadir[PATH_MAX];
char secret[9];
struct launchparam params;
+ /* static init */
+ afm_launch_init_group();
+
/* what launcher ? */
ikl = 0;
if (desc->type != NULL && *desc->type) {
Code Review / src / app-framework-main.git / blobdiff