diff options
| author | Jan Holesovsky <kendy@collabora.com> | 2020-04-23 20:01:04 +0200 |
|---|---|---|
| committer | Jan Holesovsky <kendy@collabora.com> | 2020-04-24 20:58:43 +0200 |
| commit | eb88cb485c9b3a24248f0b8c5eec81f7d3d28d91 (patch) | |
| tree | c9b39b5cd4eab0906d598defcd0a1a10758908a6 /wsd | |
| parent | 840fb7c4bd0c6d4cd4c2937f8830a60e29c92aef (diff) | |
Allow running the production build under a non-lool user when necessary.
But it is insecure, so warn about that.
Change-Id: I151be64f53521e217a5498c0531c9ef2ff8db818
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92822
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Diffstat (limited to 'wsd')
| -rw-r--r-- | wsd/LOOLWSD.cpp | 10 | ||||
| -rw-r--r-- | wsd/LOOLWSD.hpp | 1 |
2 files changed, 11 insertions, 0 deletions
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp index c34c2c315..7302b3c6c 100644 --- a/wsd/LOOLWSD.cpp +++ b/wsd/LOOLWSD.cpp @@ -728,6 +728,7 @@ std::string LOOLWSD::ConfigFile = LOOLWSD_CONFIGDIR "/loolwsd.xml"; std::string LOOLWSD::ConfigDir = LOOLWSD_CONFIGDIR "/conf.d"; std::string LOOLWSD::LogLevel = "trace"; bool LOOLWSD::AnonymizeUserData = false; +bool LOOLWSD::CheckLoolUser = true; #if ENABLE_SSL Util::RuntimeConstant<bool> LOOLWSD::SSLEnabled; Util::RuntimeConstant<bool> LOOLWSD::SSLTermination; @@ -1422,6 +1423,10 @@ void LOOLWSD::defineOptions(OptionSet& optionSet) .required(false) .repeatable(false)); + optionSet.addOption(Option("disable-lool-user-checking", "", "Don't check whether loolwsd is running under the user 'lool'. NOTE: This is insecure, use only when you know what you are doing!") + .required(false) + .repeatable(false)); + optionSet.addOption(Option("override", "o", "Override any setting by providing full xmlpath=value.") .required(false) .repeatable(true) @@ -1482,6 +1487,8 @@ void LOOLWSD::handleOption(const std::string& optionName, ClientPortNumber = std::stoi(value); else if (optionName == "disable-ssl") _overrideSettings["ssl.enable"] = "false"; + else if (optionName == "disable-lool-user-checking") + CheckLoolUser = false; else if (optionName == "override") { std::string optName; @@ -1740,6 +1747,9 @@ bool LOOLWSD::createForKit() if (NoSeccomp) args.push_back("--noseccomp"); + if (!CheckLoolUser) + args.push_back("--disable-lool-user-checking"); + #if ENABLE_DEBUG if (SingleKit) args.push_back("--singlekit"); diff --git a/wsd/LOOLWSD.hpp b/wsd/LOOLWSD.hpp index 313cd3ca6..bdac020fa 100644 --- a/wsd/LOOLWSD.hpp +++ b/wsd/LOOLWSD.hpp @@ -246,6 +246,7 @@ public: static std::string HostIdentifier; ///< A unique random hash that identifies this server static std::string LogLevel; static bool AnonymizeUserData; + static bool CheckLoolUser; static std::atomic<unsigned> NumConnections; static std::unique_ptr<TraceFileWriter> TraceDumper; #if !MOBILEAPP |