Merge pull request #2476 from h2zh/xrdhttp-pelican-0.0.7

Fix pelican-server binary panic and Upgrade xrdhttp-pelican to v0.0.7

Author: h2zh

images/Dockerfile

@@ -56,7 +56,7 @@ ARG LOTMAN_VER=0.0.4
 ARG XRDCL_PELICAN_SRC_BUILD=false
 ARG XRDCL_PELICAN_VER=1.2.3
 ARG XRDHTTP_PELICAN_SRC_BUILD=false
-ARG XRDHTTP_PELICAN_VER=0.0.6
+ARG XRDHTTP_PELICAN_VER=0.0.7
 ARG XROOTD_LOTMAN_SRC_BUILD=false
 ARG XROOTD_LOTMAN_VER=0.0.3
 ARG XROOTD_S3_HTTP_SRC_BUILD=true

launchers/droppriv_unix.go

@@ -30,6 +30,25 @@ import (
 	"github.com/pelicanplatform/pelican/param"
 )
 
+// rawSetuid and rawSetgid perform setuid and setgid using syscall.RawSyscall()
+// to avoid syscall.Setgid() and syscall.Setuid(). The latter internally use
+// AllThreadsSyscall(), which fails when CGO is disabled.
+func rawSetuid(uid int) error {
+	_, _, errno := syscall.RawSyscall(syscall.SYS_SETUID, uintptr(uid), 0, 0)
+	if errno != 0 {
+		return errno
+	}
+	return nil
+}
+
+func rawSetgid(gid int) error {
+	_, _, errno := syscall.RawSyscall(syscall.SYS_SETGID, uintptr(gid), 0, 0)
+	if errno != 0 {
+		return errno
+	}
+	return nil
+}
+
 func dropPrivileges() (err error) {
 	log.Info("Dropping privileges to user ", param.Server_UnprivilegedUser.GetString())
 	var puser config.User
@@ -45,11 +64,13 @@ func dropPrivileges() (err error) {
 		err = errors.Errorf("unable to drop privileges to user (user %s, group %s) with GID 0", puser.Username, puser.Groupname)
 		return
 	}
-	if err = syscall.Setgid(puser.Gid); err != nil {
+
+	// Use raw syscalls to avoid failures when CGO is disabled
+	if err = rawSetgid(puser.Gid); err != nil {
 		err = errors.Wrap(err, "failed to drop group privileges")
 		return
 	}
-	if err = syscall.Setuid(puser.Uid); err != nil {
+	if err = rawSetuid(puser.Uid); err != nil {
 		err = errors.Wrap(err, "failed to drop user privileges")
 		return
 	}