PRIV_RERUNAS(3) Subroutines PRIV_RERUNAS(3)
NAME
priv_rerunas - rerun the program as specified user, possibly in a
chroot jail.
SYNOPSIS
#include <privman.h>
int priv_rerunas(void (*fnptr)(char * const *), char * const arg[],
const char *user, const char *chroot, int flags);
DESCRIPTION
priv_rerunas causes the application to run again, falling out of
priv_init with the original state intact. Only one of the two Privman
client processes will continue to be able to talk to the Privman
server. The function pointed to by fnptr will be called with the
NULL-terminated string array provided in arg before the application
returns from priv_init, allowing you to change global state as
required. The application will be running as user in the chroot jail
chroot.
Which process can still talk to the Privman server is controlled by the
flags passed in. Pass in PRIV_RR_OLD_SLAVE_MONITORED if you want the
caller to continue to be able to talk to the Privman server, or 0 if
you want the new process to continue to talk to the Privman server.
You can pass NULL for the user and the chroot arguments, in which case
no chroot jail will be used, and the user will be the default
unprivileged user.
As an example, the following program counts from one to 10.
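#include "privman.h"
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int state = 1;

/* Called with the arg array before priv_init() returns in the rerun. */
void rerun_fn(char * const *args) {
    state = atoi(args[0]);
}

int main(void) {
    priv_init("myrerun");
    printf("%d ", state);
    fflush(stdout);    /* _exit() below does not flush stdio buffers */
    if (state < 10) {
        char **arg;
        arg = (char**)malloc(sizeof(char*) * 2);
        arg[0] = malloc(5);    /* room for "10" plus the terminator */
        arg[1] = NULL;         /* the array must be NULL-terminated */
        snprintf(arg[0], 5, "%d", state + 1);
        priv_rerunas(rerun_fn, arg, NULL, NULL, 0);
        _exit(0);
    }
    printf("\n");
    return 0;
}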
priv_rerunas requires that allow_rerun be set to true in the
application's configuration file. If the application needs to use
either the user or chroot options, then runas_user and chroot will also
have to be set properly in the application's configuration file. See
privman_conf(3) for more detail.
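An added example, not part of the original manual page or the Privman sources: a stand-alone C program showing one way to pack state into the NULL-terminated arg array and restore it defensively in the fnptr callback, rejecting malformed, extra or out-of-range values instead of trusting atoi. The names rerun_args_build, rerun_args_parse and rerun_rejected and the 1 to 10 range are assumptions for illustration; the program does not link against Privman, so main calls the callback directly where Privman would.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define STATE_MIN 1
#define STATE_MAX 10

int state = STATE_MIN;    /* global restored by the callback */
int rerun_rejected = 0;   /* hypothetical flag: callback refused its input */

/* Hypothetical helper: build the NULL-terminated array passed as arg. */
char **rerun_args_build(int value) {
    int len = snprintf(NULL, 0, "%d", value);    /* exact length needed */
    char **arg = malloc(2 * sizeof *arg);
    if (len < 0 || arg == NULL) { free(arg); return NULL; }
    arg[0] = malloc((size_t)len + 1);
    arg[1] = NULL;
    if (arg[0] == NULL) { free(arg); return NULL; }
    snprintf(arg[0], (size_t)len + 1, "%d", value);
    return arg;
}

/* Accept exactly one element holding a decimal integer in range. */
int rerun_args_parse(char * const *args, int *out) {
    char *end;
    long v;
    if (args == NULL || args[0] == NULL || args[1] != NULL) return -1;
    errno = 0;
    v = strtol(args[0], &end, 10);
    if (errno != 0 || end == args[0] || *end != '\0') return -1;
    if (v < STATE_MIN || v > STATE_MAX) return -1;
    *out = (int)v;
    return 0;
}

/* Same type as the fnptr parameter: void (*)(char * const *). */
void rerun_fn(char * const *args) {
    if (rerun_args_parse(args, &state) != 0)
        rerun_rejected = 1;   /* state keeps its previous value */
}

int main(void) {
    char **arg = rerun_args_build(7);
    if (arg == NULL) return 1;
    rerun_fn(arg);   /* stands in for the call Privman makes in the rerun */
    printf("state=%d rejected=%d\n", state, rerun_rejected);
    free(arg[0]); free(arg);
    return 0;
}
```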
RETURN VALUE
priv_rerunas returns 0 on success, or -1 on failure. If it fails,
errno will be set to an appropriate value, most likely EPERM.
If the PRIV_RR_OLD_SLAVE_MONITORED flag is used, then priv_rerunas will
return the pid of the created process on success. You can get the exit
value of that process by using priv_wait4(3).
FILES
${prefix}/etc/privman.d/appname
The application's configuration file. See privman_conf(5) for
more details.
BUGS
This is not the simplest primitive to understand. It might be nice if
program execution could continue from the point of invocation rather
than having to restart at priv_init().
It might be useful to be able to pass file descriptors.
AUTHOR
Network Associates. Send email to <privman@nailabs.com>
SEE ALSO
priv_bind(3), priv_daemon(3), priv_execve(3), priv_fopen(3),
priv_fork(3), priv_wait4(3), priv_init(3), privman_conf(5),
priv_open(3), priv_pam(3), privman(7), priv_respawn_as(3)
Unix SEPTEMBER 2002 PRIV_RERUNAS(3)