From ab3f4a073671a0f36b23988e0ece7adbe476a053 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Tue, 22 Nov 2016 15:48:46 +0100
Subject: executor: fix sandbox=setuid

Need to chmod(0777) the work dir before we do setuid(nobody).
Otherwise nobody user won't have rights to use the temp dir.
---
 csource/common.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'csource')

diff --git a/csource/common.go b/csource/common.go
index 76de0877e..70e84ad1f 100644
--- a/csource/common.go
+++ b/csource/common.go
@@ -3,7 +3,9 @@ package csource
 
 var commonHeader = `
 
+#ifndef _GNU_SOURCE
 #define _GNU_SOURCE
+#endif
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -227,6 +229,8 @@ static void setup_main_process()
 	char* tmpdir = mkdtemp(tmpdir_template);
 	if (!tmpdir)
 		fail("failed to mkdtemp");
+	if (chmod(tmpdir, 0777))
+		fail("failed to chmod");
 	if (chdir(tmpdir))
 		fail("failed to chdir");
 }
-- 
cgit mrf-deployment