tools: config-create: make sure we are root when reading input files

File access permissions allow users and root to read PCI config spaces
of devices via sysfs. But depending on your uid you will read different
content.
That is why we have to make sure we open those files as root and can not
just rely on getting an EPERM.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
[Jan: removed extra blank line]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

diff --git a/tools/jailhouse-config-collect.tmpl b/tools/jailhouse-config-collect.tmpl
index acdbeddd348f0c3e6e78c8264b761e5e5bc3e62e..196189fb7a1da81b305356304226bfa0def14b2b 100644 (file)
--- a/tools/jailhouse-config-collect.tmpl
+++ b/tools/jailhouse-config-collect.tmpl
@@ -24,6 +24,11 @@
 
 set -e
 
+if test $UID -ne 0; then
+       echo "Please run as root" 1>&2
+       exit 1
+fi
+
 if test -z "$1"; then
        echo "Usage: $0 mytarget.tar" 1>&2
        exit 1

diff --git a/tools/jailhouse-config-create b/tools/jailhouse-config-create
index 187d59e7763dd0d343d397e9d97d3d51fff99311..ca1df100dffbdcd15e1bcd89e8e4f8f635210297 100755 (executable)
--- a/tools/jailhouse-config-create
+++ b/tools/jailhouse-config-create
@@ -450,6 +450,13 @@ class MMConfig:
         return MMConfig(base, end_bus)
 
 
+if (
+    (options.generate_collector is False) and (options.root is '/')
+    and (os.geteuid() is not 0)
+):
+    print('ERROR: You have to be root to work on "/"!', file=sys.stderr)
+    sys.exit(1)
+
 (pcidevices, pcicaps) = parse_pcidevices()
 
 product = [input_readline('/sys/class/dmi/id/sys_vendor',