Skip to content

Commit

Permalink
launch/policy: prevent linking policies on invalid gids
Browse files Browse the repository at this point in the history
Invalid groups/users are reported as `-1` by the config parser, and
generally ignored by the policy import. Unfortunately, the own-policy
importer does not check for it when importing into groups. Fix this and
align it with `policy_import_send/recv`.

Signed-off-by: David Rheinsberg <[email protected]>
  • Loading branch information
dvdhrm committed Aug 2, 2024
1 parent fedceff commit 4fa73fd
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions src/launch/policy.c
Original file line number Diff line number Diff line change
Expand Up @@ -396,11 +396,13 @@ static int policy_import_own(Policy *policy, ConfigNode *cnode) {
} else if (cnode->parent->policy.context == CONFIG_POLICY_AT_CONSOLE) {
c_list_link_tail(&policy->at_console_entries.own_list, &record->link);
} else if (cnode->parent->policy.context == CONFIG_POLICY_GROUP) {
r = policy_at_gid(policy, &node, cnode->parent->policy.id);
if (r)
return error_trace(r);
if (cnode->parent->policy.id != (uint32_t)-1) {
r = policy_at_gid(policy, &node, cnode->parent->policy.id);
if (r)
return error_trace(r);

c_list_link_tail(&node->entries.own_list, &record->link);
c_list_link_tail(&node->entries.own_list, &record->link);
}
} else {
c_list_link_tail(&policy->default_entries.own_list, &record->link);
}
Expand Down

0 comments on commit 4fa73fd

Please sign in to comment.