[SOLVED]My setuid program cannot manipulate openrc services
To explain the purpose of my program very briefly: it takes a command as an argument, checks if the command exists in a list of allowed commands, and executes that command as root.
The program worked fine, however, when I tried to manipulate services, like for example rc-service cupsd start, it gave me this error:
* No permission to apply cgroup settings
* checkpath: unable to open directory: Permission denied
* checkpath: mkdirat: Permission denied
* checkpath: mkdirat: Permission denied
* checkpath: /run/cups/certs: could not open cups: No such file or directory
* ERROR: cupsd failed to start
It also gave me this error for executing rc-service tor restart:
/usr/lib/openrc/sh/openrc-run.sh: line 258: ulimit: open files: cannot modify limit: Operation not permitted
* tor: unable to apply RC_ULIMIT settings
* No permission to apply cgroup settings
* Stopping tor ...
* Unable to shut down the supervisor [ ok ]
/usr/lib/openrc/sh/openrc-run.sh: line 258: ulimit: open files: cannot modify limit: Operation not permitted
* tor: unable to apply RC_ULIMIT settings
* No permission to apply cgroup settings
* Tor configuration (/etc/tor/torrc) is not valid.
* Example is in /etc/tor/torrc.sample
* ERROR: tor failed to start
I verified that my program actually works by supplying it with a command like ls -la /root and it worked without a problem, showing me the files in /root.
I'm guessing this is somehow related to cgroups, but I'm not exactly an expert on that matter and that is why I decided to post here so that people more knowledgeable than me would be kind enough to help me out on that.
So with that in mind, what is the cause of the issue, and is there a fix for it?
This is the source code of program https://github.com/Lancia-Greggori/priv/blob/main/priv.c for anyone interested.
Topic: [SOLVED]My setuid program cannot manipulate openrc services (Read 692 times)
previous topic - next topic