author | José Bollo <jose.bollo@iot.bzh> | 2018-01-24 11:38:43 +0100 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2018-02-13 11:02:00 +0100 |
commit | f70d712e4f505f5c5b50ae17f4f023d20a667568 (patch) | |
tree | 57b0aaa702651012e1adfc07f9b6b6c580506f66 /meta-security/lib/oeqa/runtime/files/notroot.py | |
parent | 3f962c7d202055777dd0238f12dbcf70f09ac07d (diff) |
Integrate parts of meta-intel-iot-security
Adds the recipes of the sub layers
- meta-security-framework
- meta-security-smack
Change-Id: I618608008a3b3d1d34adb6e38048110f13ac0643
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'meta-security/lib/oeqa/runtime/files/notroot.py')
-rw-r--r-- | meta-security/lib/oeqa/runtime/files/notroot.py | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/meta-security/lib/oeqa/runtime/files/notroot.py b/meta-security/lib/oeqa/runtime/files/notroot.py
new file mode 100644
index 000000000..f0eb0b5b9
--- /dev/null
+++ b/meta-security/lib/oeqa/runtime/files/notroot.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+#
+# Script used for running executables with custom labels, as well as custom uid/gid
+# Process label is changed by writing to /proc/self/attr/curent
+#
+# Script expects user id and group id to exist, and be the same.
+#
+# From adduser manual:
+# """By default, each user in Debian GNU/Linux is given a corresponding group
+# with the same name. """
+#
+# Usage: root@desk:~# python notroot.py <uid> <label> <full_path_to_executable> [arguments ..]
+# eg: python notroot.py 1000 User::Label /bin/ping -c 3 192.168.1.1
+#
+# Author: Alexandru Cornea <alexandru.cornea@intel.com>
+import os
+import sys
+
+try:
+ uid = int(sys.argv[1])
+ sys.argv.pop(1)
+ label = sys.argv[1]
+ sys.argv.pop(1)
+ open("/proc/self/attr/current", "w").write(label)
+ path=sys.argv[1]
+ sys.argv.pop(0)
+ os.setgid(uid)
+ os.setuid(uid)
+ os.execv(path,sys.argv)
+
+except Exception,e:
+ print e.message
+ sys.exit(1) |
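Review bot: The privilege drop in the `try` block calls `os.setgid(uid)` and `os.setuid(uid)` but never clears the supplementary group list, so the exec'd program keeps whatever groups the invoking root process had and a test expecting a DAC denial may pass or fail for the wrong reason; add `os.setgroups([])` before `os.setgid(uid)`. The label write `open("/proc/self/attr/current", "w").write(label)` is buffered and only reaches the kernel when the file object is finalized, where a rejected write is likely not raised as an exception, so the script may go on to `os.execv` under the caller's label; `with open("/proc/self/attr/current", "w") as attr: attr.write(label)` lets the failure reach the `except` handler. The header comment also misspells the path as `/proc/self/attr/curent`.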