rpms/linux-sgx
7
0
Fork 0
Code Issues Pull Requests Releases Activity
09fb06843c
linux-sgx/0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch
Daniel P. Berrangé d050136e53 Adapt qgs.service for SELinux policy and sock perms 
Changes to qgs.service to make it more amenable to writing a strict
SELinux policy.

Also add patch to allow control over socket perms so QEMU can get
access to the socket.

Related: https://issues.redhat.com/browse/RHELPLAN-171791
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-06-09 13:57:03 +01:00

104 lines
4.7 KiB
Diff
Raw Blame History

From 8ded27dcf0c5a02c7869568bd1cafd5c2d15c0b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Fri, 2 May 2025 14:48:24 +0100
Subject: [PATCH 117/117] qgs: add -m=MODE parameter for UNIX socket mode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The UNIX socket mode default is controlled by the process umask, but it
can be desirable to override this to open up the socket mode, while
keeping the umask restrictive.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
.../quote_wrapper/qgs/server_main.cpp | 35 +++++++++++++++++--
1 file changed, 32 insertions(+), 3 deletions(-)
diff --git a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
index 47f6c26..4628b18 100644
--- a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
+++ b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
@@ -73,9 +73,10 @@ int main(int argc, const char* argv[])
bool no_daemon = false;
unsigned long int port = 0;
unsigned long int num_threads = 0;
+ unsigned long int mode = 0;
char *endptr = NULL;
if (argc > 4) {
- cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-n=number_threads] [--verbose] [--debug]"
+ cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-m=unix_socket_mode] [-n=number_threads] [--verbose] [--debug]"
<< endl;
exit(1);
}
@@ -106,6 +107,19 @@ int main(int argc, const char* argv[])
}
cout << "port number [" << port << "] found in cmdline" << endl;
continue;
+ } else if (strncmp(argv[i], "-m=", 3 ) == 0) {
+ if (strspn(argv[i] + 3, "0123456789") != strlen(argv[i] + 3)) {
+ cout << "Please input valid socket mode" << endl;
+ exit(1);
+ }
+ errno = 0;
+ mode = strtoul(argv[i] + 3, &endptr, 8);
+ if (errno || strlen(endptr) || (mode > UINT_MAX) ) {
+ cout << "Please input valid socket mode" << endl;
+ exit(1);
+ }
+ cout << "socket mode [" << oct << mode << dec << "] found in cmdline" << endl;
+ continue;
} else if (strncmp(argv[i], "-n=", 3) == 0) {
if (strspn(argv[i] + 3, "0123456789") != strlen(argv[i] + 3)) {
cout << "Please input valid thread number" << endl;
@@ -120,7 +134,7 @@ int main(int argc, const char* argv[])
cout << "thread number [" << num_threads << "] found in cmdline" << endl;
continue;
} else {
- cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-n=number_threads] [--verbose] [--debug]"
+ cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-m=unix_socket_mode] [-n=number_threads] [--verbose] [--debug]"
<< endl;
exit(1);
}
@@ -129,7 +143,7 @@ int main(int argc, const char* argv[])
// Use the port number in QGS_CONFIG_FILE if no valid port number on
// command line
- if (port == 0 || num_threads == 0) {
+ if (port == 0 || num_threads == 0 || mode == 0) {
ifstream config_file(QGS_CONFIG_FILE);
if (config_file.is_open()) {
string line;
@@ -161,6 +175,15 @@ int main(int argc, const char* argv[])
<< QGS_CONFIG_FILE << endl;
exit(1);
}
+ } else if (!mode && name.compare("socket_mode") == 0) {
+ errno = 0;
+ endptr = NULL;
+ mode = strtoul(value, &endptr, 8);
+ if (errno || strlen(endptr) || (mode > UINT_MAX)) {
+ cout << "Please input valid socket mode in "
+ << QGS_CONFIG_FILE << endl;
+ exit(1);
+ }
} else if (!num_threads && name.compare("number_threads") == 0) {
errno = 0;
endptr = NULL;
@@ -212,6 +235,12 @@ int main(int argc, const char* argv[])
}
QGS_LOG_INFO("About to create QgsServer with num_thread = %d\n", (uint8_t)num_threads);
server = new QgsServer(io_service, ep, (uint8_t)num_threads);
+ /* Allow mode to be determined by umask by default,
+ * overriding only if an explicit mode is requested
+ */
+ if (!port && mode != 0) {
+ chmod(QGS_UNIX_SOCKET_FILE, mode);
+ }
QGS_LOG_INFO("About to start main loop\n");
io_service.run();
QGS_LOG_INFO("Quit main loop\n");
--
2.49.0
Reference in New Issue View Git Blame Copy Permalink