Support group option on command line

Author: RH-steve-grubb

ChangeLog

@@ -3,6 +3,7 @@
 - Reinstate strong umask before writing report
 - Use pw_gid to set the group when changing gid
 - Allow the use of account names for auid & uid in rules
+- Support group option on command line
 
 0.8.3
 - Add audit support for the linux-4.15 kernel

doc/fapolicyd.8

@@ -30,6 +30,9 @@ the internal queue of pending decisions is set by this number. It should be a po
 .TP
 .B \-\-user\ NN
 run as a particular user rather than root. This may either be numeric or a user name from the passwd database.
+.TP
+.B \-\-group\ NN
+run using a particular group rather than root. This may either be numeric or a user name from the passwd database.
 .SH SIGNALS
 .TP
 SIGTERM

src/fapolicyd.c

@@ -1,6 +1,6 @@
 /*
  * fapolicyd.c - Main file for the program
- * Copyright (c) 2016 Red Hat Inc., Durham, North Carolina.
+ * Copyright (c) 2016,2018 Red Hat Inc., Durham, North Carolina.
  * All Rights Reserved. 
  *
  * This software may be freely redistributed and/or modified under the
@@ -34,6 +34,7 @@
 #include <stdio.h>
 #include <ctype.h>
 #include <pwd.h>
+#include <grp.h>
 #include <cap-ng.h>
 #include <sys/prctl.h>
 #include <linux/unistd.h>  /* syscall numbers */
@@ -180,7 +181,7 @@ static void usage(void)
 {
 	fprintf(stderr,
 		"Usage: fapolicyd [--debug|--debug-deny] [--permissive] "
-		"[--boost xxx]\n\t\t[--queue xxx] [--user xx] "
+		"[--boost xxx]\n\t\t[--queue xxx] [--user xx] [--group xx]"
 		"[--no-details]\n");
 	exit(1);
 }
@@ -266,6 +267,30 @@ int main(int argc, char *argv[])
 				gid = pw->pw_gid;
 				endpwent();
 			}
+		} else if (strcmp(argv[i], "--group") == 0) {
+			i++;
+			if (i == argc || *argv[i] == '-') {
+				msg(LOG_ERR, "group takes an argument");
+				exit(1);
+			}
+			if (isdigit(*argv[i])) {
+				errno = 0;
+				gid = strtol(argv[i], NULL, 10);
+				if (errno) {
+					msg(LOG_ERR,
+						"Error converting group value");
+					exit(1);
+				}
+			} else {
+				struct group *gr = getgrnam(argv[i]);
+				if (gr == NULL) {
+					msg(LOG_ERR, "group %s is unknown",
+							argv[i]);
+					exit(1);
+				}
+				gid = gr->gr_gid;
+				endgrent();
+			}
 		} else if (strcmp(argv[i], "--no-details") == 0) {
 			details = 0;
 		} else {