From 2afe62eb60bc8c9121aa89a45f96e0013087f675 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones"
Date: Thu, 13 Jul 2017 12:07:35 +0100
Subject: [PATCH] builder: templates: Prevent script from being run as root.
Or with LIBVIRT_DEFAULT_URI=qemu:///system which is the same thing. In either case the images are created as user qemu.qemu and then aren't readable or modifiable by later parts of the script.
---
 builder/templates/make-template.ml | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/builder/templates/make-template.ml b/builder/templates/make-template.ml
index 3505a4612..aaf448a29 100755
--- a/builder/templates/make-template.ml
+++ b/builder/templates/make-template.ml
@@ -24,6 +24,12 @@
 * shell scripts located in libguestfs.git/builder/website.
 *)
+#load "str.cma";;
+#load "unix.cma";;
+#directory "../../ocaml";; (* use locally built guestfs *)
+(*#directory "+guestfs";; (* use globally installed guestfs *) *)
+#load "mlguestfs.cma";;
+
 open Printf
 let prog = "make-template"
@@ -42,14 +48,23 @@ let () =
 eprintf "%s: you must use `../../run ./make-template.ml ...' to run this script\n" prog;
 exit 1
+ );
+
+ (* Check we're not being run as root. *)
+ if Unix.geteuid () = 0 then (
+ eprintf "%s: don't run this script as root\n" prog;
+ exit 1
+ );
+ (* ... and that LIBVIRT_DEFAULT_URI=qemu:///system is NOT set,
+ * which is the same as above.
+ *)
+ let s = try Sys.getenv "LIBVIRT_DEFAULT_URI" with Not_found -> "" in
+ if s = "qemu:///system" then (
+ eprintf "%s: don't set LIBVIRT_DEFAULT_URI=qemu:///system\n" prog;
+ exit 1
 )
 ;;
-#load "str.cma";;
-#load "unix.cma";;
-#directory "../../ocaml";;
-#load "mlguestfs.cma";;
 type os =
 | CentOS of int * int (* major, minor *)
 | RHEL of int * int
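Review bot: The LIBVIRT_DEFAULT_URI guard in the second hunk is an exact string comparison (`if s = "qemu:///system" then (`), so equivalent spellings of the system URI such as `qemu+unix:///system`, or the same URI with a trailing query string, pass it and would presumably leave the images owned by qemu just the same. A prefix match is tighter, e.g. `if Str.string_match (Str.regexp "qemu\\(\\+unix\\)?:///system") s 0 then (`; `str.cma` is already loaded above this point by the first hunk. The environment variable is also not the only source of the default URI, since libvirt's client configuration can set `uri_default`, which this check does not see; a comment such as `(* best-effort: does not cover uri_default in libvirt.conf *)` would make that limit explicit. The enclosing `let () =` block starts before the hunk, so what runs ahead of these checks is not visible here.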