DragonFly On-Line Manual Pages

PRIV_RERUNAS(3)                   Subroutines                  PRIV_RERUNAS(3)

NAME

priv_rerunas - rerun the program as specified user, possibly in a chroot jail.

SYNOPSIS

#include <privman.h>

int priv_rerunas(void (*fnptr)(char * const *), char * const arg[],
                 const char *user, const char *chroot, int flags);

DESCRIPTION

priv_rerunas causes the application to run again, falling out of priv_init with the original state intact. Only one of the two Privman client processes will continue to be able to talk to the Privman server. The function pointed to by fnptr will be called with the NULL-terminated string array provided in arg before the application returns from priv_init, allowing you to change global state as required. The application will be running as user in the chroot jail chroot.

Which process can still talk to the Privman server is controlled by the flags passed in. Pass PRIV_RR_OLD_SLAVE_MONITORED if you want the caller to continue to be able to talk to the Privman server, or 0 if you want the new process to continue to talk to the Privman server.

You can pass NULL for the user and chroot arguments, in which case no chroot jail will be used, and the user will be the default unprivileged user.

As an example, the following program counts from one to 10.

    #include "privman.h"
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>

    int state = 1;

    /* Called in the rerun process before priv_init() returns. */
    void rerun_fn(char * const *args)
    {
        state = atoi(args[0]);
    }

    int main(void)
    {
        priv_init("myrerun");
        printf("%d ", state);
        if (state < 10) {
            char **arg;

            /* NULL-terminated array holding one decimal string. */
            arg = (char **)malloc(sizeof(char *) * 2);
            arg[0] = malloc(5);
            arg[1] = NULL;
            snprintf(arg[0], 5, "%d", state + 1);

            /* _exit() does not flush stdio buffers, so flush first. */
            fflush(stdout);
            if (priv_rerunas(rerun_fn, arg, NULL, NULL, 0) < 0)
                perror("priv_rerunas");
            _exit(0);
        }
        printf("\n");
        return 0;
    }

priv_rerunas requires that allow_rerun be set to true in the application's configuration file. If the application needs to use either the user or chroot options, then runas_user and chroot will also have to be set properly in the application's configuration file. See privman_conf(5) for more detail.
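The fnptr callback rebuilds global state from strings handed across a process boundary, so strict parsing is safer than atoi, which silently turns malformed input into 0. The following is an added example, not code from the Privman distribution: parse_state, build_rerun_args, state_valid and STATE_MAX are hypothetical names, and the Privman calls are left out so that it compiles without the library.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define STATE_MAX 10         /* the counter in the page's example stops at 10 */
static int state = 1;        /* global restored in the rerun process */
static int state_valid = 1;  /* cleared when the passed argument is rejected */

/* Accept only a plain decimal in [1, STATE_MAX]: must start with a digit
 * (no sign, no whitespace), no trailing bytes, no overflow. 0 on success. */
int parse_state(const char *s, int *out)
{
    char *end;
    long v;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < 1 || v > STATE_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Same type as fnptr in the SYNOPSIS; expects exactly one argument. */
void rerun_fn(char * const *args)
{
    if (args == NULL || args[0] == NULL || args[1] != NULL ||
        parse_state(args[0], &state) != 0)
        state_valid = 0;     /* leave state untouched on bad input */
}

/* Fill a caller-owned NULL-terminated array; -1 if the value is truncated. */
int build_rerun_args(int next, char *buf, size_t buflen, char *arg[2])
{
    int n = snprintf(buf, buflen, "%d", next);

    if (n < 0 || (size_t)n >= buflen)
        return -1;
    arg[0] = buf;
    arg[1] = NULL;
    return 0;
}
```

In a real program the array from build_rerun_args would be passed as arg to priv_rerunas, and main would check state_valid after priv_init returns.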

RETURN VALUE

priv_rerunas returns 0 on success, or -1 on failure. If it fails, errno will be set to an appropriate value, most likely EPERM. If the PRIV_RR_OLD_SLAVE_MONITORED flag is used, then priv_rerunas will return the pid of the created process on success. You can get the exit value of that process by using priv_wait4(3).

FILES

${prefix}/etc/privman.d/appname
    The application's configuration file. See privman_conf(5) for more details.

BUGS

This is not the simplest primitive to understand. It might be nice if program execution could continue from the point of invocation rather than having to restart at priv_init(). It might be useful to be able to pass file descriptors.

AUTHOR

Network Associates. Send email to <privman@nailabs.com>

SEE ALSO

priv_bind(3), priv_daemon(3), priv_execve(3), priv_fopen(3), priv_fork(3), priv_wait4(3), priv_init(3), privman_conf(5), priv_open(3), priv_pam(3), privman(7), priv_respawn_as(3)

Unix                            SEPTEMBER 2002                 PRIV_RERUNAS(3)
