Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
isv:cpanel:dev:EA4
mod_suphp
suphp-0.7.1-cagefs.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File suphp-0.7.1-cagefs.patch of Package mod_suphp
diff --git a/configure.ac b/configure.ac index 0a810b6..cdf7ea4 100644 --- a/configure.ac +++ b/configure.ac @@ -170,6 +170,19 @@ AC_ARG_ENABLE([checkpath], ]) +# Cloudlinux LVE + +AC_ARG_ENABLE([lve], + AC_HELP_STRING([--enable-lve], + [Include CloudLinux LVE support]), + [ + if test "$enableval" = "yes"; then + AC_DEFINE(ENABLE_LVE, 1, [Define if you want LVE support]) + AC_CHECK_LIB([dl], [dlopen]) + fi + ]) + + # Minimum UID AC_ARG_WITH([min-uid], diff --git a/src/Application.cpp b/src/Application.cpp index edb3409..0d6e34a 100644 --- a/src/Application.cpp +++ b/src/Application.cpp @@ -37,6 +37,11 @@ #include "Application.hpp" +#ifdef ENABLE_LVE +#include <pwd.h> +#include <dlfcn.h> +#endif + using namespace suPHP; @@ -441,6 +446,29 @@ void suPHP::Application::changeProcessPermissions( throw (SystemException, SoftException, SecurityException) { API& api = API_Helper::getSystemAPI(); +#ifdef ENABLE_LVE +#ifndef SECURELVE_MIN_UID +#define SECURELVE_MIN_UID 100 +#endif + /* cagefs 2.0 suphp patch */ + void *lib_handle = dlopen("liblve.so.0", RTLD_LAZY); + if (lib_handle) { + Logger& logger = API_Helper::getSystemAPI().getSystemLogger(); + char *error; char error_msg[8192]; dlerror(); /* Clear any existing error */ + int (*jail)(struct passwd *, int, char*) = (int (*)(passwd*, int, char*)) dlsym(lib_handle, "lve_jail_uid"); + if ((error = dlerror()) != NULL) { + std::string err("Failed to init LVE library "); + err += error; logger.logWarning(err); + throw SoftException(err, __FILE__, __LINE__); + } + int result = jail(getpwuid(targetUser.getUid()), SECURELVE_MIN_UID, error_msg); + if (result < 0) { + std::string err("CageFS jail error "); + err += error_msg; logger.logWarning(err); + throw SoftException(err, __FILE__, __LINE__); + } + } +#endif // Set new group first, because we still need super-user privileges // for this api.setProcessGroup(targetGroup);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor