[Reproducible-commits] [disorderfs] 01/04: Add comments and a helper function

[Andrew Ayer]

This is an automated email from the git hooks/post-receive script.

agwa-guest pushed a commit to branch debian
in repository disorderfs.

commit 5b25cef89f5a5c59c82cebd3a6a217f8c1b55fb1
Author: Andrew Ayer <agwa at andrewayer.name>
Date:   Tue Sep 22 06:24:46 2015 -0700

    Add comments and a helper function
---
 disorderfs.cpp | 32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/disorderfs.cpp b/disorderfs.cpp
index 4160699..6506fff 100644
--- a/disorderfs.cpp
+++ b/disorderfs.cpp
@@ -51,9 +51,17 @@ namespace {
 	};
 	Disorderfs_config		config;
 
+	void perror_and_die (const char* s)
+	{
+		std::perror(s);
+		std::abort();
+	}
+
 	int wrap (int retval) { return retval == -1 ? -errno : 0; }
 	using Dirents = std::vector<std::string>;
 
+	// The libc versions of seteuid, etc. set the credentials for all threads.
+	// We need to set credentials for a single thread only, so call the syscalls directly.
 	int thread_seteuid (uid_t euid)
 	{
 #ifdef SYS_setresuid32
@@ -98,35 +106,35 @@ namespace {
 
 	void drop_privileges ()
 	{
+		// These functions should not fail as long as disorderfs is running as root.
+		// If they do fail, things could be in a pretty inconsistent state, so just
+		// kill the program instead of trying to gracefully recover.
 		const std::vector<gid_t>	groups(get_fuse_groups());
 		if (thread_setgroups(groups.size(), groups.data()) == -1) {
-			std::perror("setgroups");
-			std::abort();
+			perror_and_die("setgroups");
 		}
 		if (thread_setegid(fuse_get_context()->gid) == -1) {
-			std::perror("setegid");
-			std::abort();
+			perror_and_die("setegid");
 		}
 		if (thread_seteuid(fuse_get_context()->uid) == -1) {
-			std::perror("seteuid");
-			std::abort();
+			perror_and_die("seteuid");
 		}
 	}
 
 	void restore_privileges ()
 	{
+		// These functions should not fail as long as disorderfs is running as root.
+		// If they do fail, things could be in a pretty inconsistent state, so just
+		// kill the program instead of trying to gracefully recover.
 		const std::vector<gid_t>	groups;
 		if (thread_seteuid(0) == -1) {
-			std::perror("seteuid()");
-			std::abort();
+			perror_and_die("seteuid()");
 		}
 		if (thread_setegid(0) == -1) {
-			std::perror("setegid(0)");
-			std::abort();
+			perror_and_die("setegid(0)");
 		}
 		if (thread_setgroups(groups.size(), groups.data()) == -1) {
-			std::perror("setgroups(0)");
-			std::abort();
+			perror_and_die("setgroups(0)");
 		}
 	}
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/disorderfs.git