diff options
author | Natanael Copa <natanael.copa@gmail.com> | 2007-11-16 07:45:20 +0000 |
---|---|---|
committer | Natanael Copa <natanael.copa@gmail.com> | 2007-11-16 07:45:20 +0000 |
commit | 92838457c6cb3ccbba0f1f69c41d1da9c6f7c2d7 (patch) | |
tree | ee7f7fc76aa53e69b15a0460b70bc06c77ac0c3c /privdemo-controller.lua | |
download | acf-sandbox-92838457c6cb3ccbba0f1f69c41d1da9c6f7c2d7.tar.bz2 acf-sandbox-92838457c6cb3ccbba0f1f69c41d1da9c6f7c2d7.tar.xz |
moved priv separation demo to sandboxv0.1
git-svn-id: svn://svn.alpinelinux.org/acf/sandbox/trunk@314 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'privdemo-controller.lua')
-rw-r--r-- | privdemo-controller.lua | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/privdemo-controller.lua b/privdemo-controller.lua new file mode 100644 index 0000000..bd8507f --- /dev/null +++ b/privdemo-controller.lua @@ -0,0 +1,31 @@ +-- ipsec controller + +module(..., package.seeall) + +require("privsep") +require("posix") + +-- we drop privileges on load. in model we have defined what funcs should +-- have privileges in the table 'priv' +mvc ={} +function mvc.on_load(self) + self.priv = privsep.drop_privs("nobody", "nogroup", self.model.priv) +end + +function test(self) + local a = {} + a.model_uid = self.model.getuid() + a.priv_uid = self.priv.getuid() + return a +end + +-- we actually show out text +--function view_resolver(self) +-- return function(self) +-- local k,v +-- io.write("\n\nmy view resolver\n") +-- io.write("Parameters from controller: "..self.."\n") +-- print("my uid = ", posix.getpid().euid) +-- end +--end + |