When an error happens during the restore of the uid/gid in RunAsUidGid()
deal with that more gracefully. Instead of panic() it is enough to
return the error but *not* call `runtime.UnlockOSThread()`. Because
the uid/gid is per OS-thread on restore failure it is enough to let
the thread "die" which will happen automatically when
runtime.UnlockOSThread is not called.
Also adding a test that ensures that on failure the thread is not
reused and the other threads have the correct uid.
Clarify that on the *kernel* level the user/group ID are per-thread
attributes. However POSIX require all thread to share the same
credentials. This is why the code in RunAsUidGid uses RawSyscall()
and not the syscall.Setreuid() or similar helper.
* userd: add OpenFile D-Bus method for opening local files
* interfaces: allow OpenFile method in cases where OpenURL was allowed
* userd: make changes requested by zyga
* userd: add a parentWindow argument, as requested by mvo
* userd: stat the filename first, as requested by jdstrand
* userd: check that the sender is still connected to the bus after looking
up process information
* osutil/sys: reimplement getuid and chown with the right int type
Due to golang#22739, os.Getuid() and co, and os.Chown and co, use the
wrong integer type and are thus wrong for high ids (especially
noticeable on 32-bit arches). This change addresses this (the only
remaining uses are for comparing with 0, which is OK), but it still
impacts godbus in our dependencies -- anything that uses godbus on a
system with high uids is broken today.
* osutil/sys: use a custom type for uids and gids
* cmd/snap-update-ns: also switch to uint32 uids/gids
* bboozzoo finds a bug, leads me to write a test, which finds a deeper bug
* in 14.04 tests go is not on the default PATH...
