From 59eef4ec93cf58c8c322f2a7021a0ea291006b70 Mon Sep 17 00:00:00 2001 From: David Teigland Date: Tue, 24 Jul 2012 11:17:59 -0500 Subject: [PATCH] fix lockfile ownership --- 0001-daemon-include-resource.h.patch | 2 +- 0002-daemon-fix-lockfile-ownership.patch | 104 +++++++++++++++++++++++ sanlock.spec | 12 ++- 3 files changed, 115 insertions(+), 3 deletions(-) create mode 100644 0002-daemon-fix-lockfile-ownership.patch diff --git a/0001-daemon-include-resource.h.patch b/0001-daemon-include-resource.h.patch index add659d..2b1892f 100644 --- a/0001-daemon-include-resource.h.patch +++ b/0001-daemon-include-resource.h.patch @@ -1,7 +1,7 @@ From 9f47804b2e8a0bc822b038427562d3a481c28693 Mon Sep 17 00:00:00 2001 From: David Teigland Date: Mon, 23 Jul 2012 10:58:50 -0500 -Subject: [PATCH] daemon: include resource.h +Subject: [PATCH 1/2] daemon: include resource.h for rlimits diff --git a/0002-daemon-fix-lockfile-ownership.patch b/0002-daemon-fix-lockfile-ownership.patch new file mode 100644 index 0000000..0ecaa17 --- /dev/null +++ b/0002-daemon-fix-lockfile-ownership.patch 
@@ -0,0 +1,104 @@
+From a80c4a0d0b3cd1cb9a10fb8b681c48bf639ca9d1 Mon Sep 17 00:00:00 2001
+From: David Teigland
+Date: Tue, 24 Jul 2012 09:21:30 -0500
+Subject: [PATCH 2/2] daemon: fix lockfile ownership
+
+make the owner sanlock uid/gid instead of root
+so the daemon continues to have access to it
+after the process drops root privileges.
+
+Signed-off-by: David Teigland
+---
+ src/lockfile.c | 18 ++++++++++++++++--
+ src/lockfile.h | 2 +-
+ src/main.c | 8 ++++----
+ 3 files changed, 21 insertions(+), 7 deletions(-)
+
+diff --git a/src/lockfile.c b/src/lockfile.c
+index cd4d4e2..129d956 100644
+--- a/src/lockfile.c
++++ b/src/lockfile.c
+@@ -29,7 +29,7 @@
+ #include "log.h"
+ #include "lockfile.h"
+
+-int lockfile(const char *dir, const char *name)
++int lockfile(const char *dir, const char *name, int uid, int gid)
+ {
+ char path[PATH_MAX];
+ char buf[16];
+@@ -38,13 +38,20 @@ int lockfile(const char *dir, const char *name)
+ int fd, rv;
+
+ old_umask = umask(0022);
+- rv = mkdir(SANLK_RUN_DIR, 0777);
++ rv = mkdir(SANLK_RUN_DIR, 0775);
+ if (rv < 0 && errno != EEXIST) {
+ umask(old_umask);
+ return rv;
+ }
+ umask(old_umask);
+
++ rv = chown(SANLK_RUN_DIR, uid, gid);
++ if (rv < 0) {
++ log_error("lockfile chown error %s: %s",
++ SANLK_RUN_DIR, strerror(errno));
++ return rv;
++ }
++
+ snprintf(path, PATH_MAX, "%s/%s", dir, name);
+
+ fd = open(path, O_CREAT|O_WRONLY|O_CLOEXEC, 0666);
+@@ -83,6 +90,13 @@ int lockfile(const char *dir, const char *name)
+ goto fail;
+ }
+
++ rv = fchown(fd, uid, gid);
++ if (rv < 0) {
++ log_error("lockfile fchown error %s: %s",
++ path, strerror(errno));
++ goto fail;
++ }
++
+ return fd;
+ fail:
+ close(fd);
+diff --git a/src/lockfile.h b/src/lockfile.h
+index 1702d71..57bbcec 100644
+--- a/src/lockfile.h
++++ b/src/lockfile.h
+@@ -9,7 +9,7 @@
+ #ifndef __LOCKFILE_H__
+ #define __LOCKFILE_H__
+
+-int lockfile(const char *dir, const char *name);
++int lockfile(const char *dir, const char *name, int uid, int gid);
+ void
unlink_lockfile(int fd, const char *dir, const char *name); + + #endif +diff --git a/src/main.c b/src/main.c +index fdf068d..8e39855 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -1558,14 +1558,14 @@ static int do_daemon(void) + + setup_logging(); + ++ fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME, com.uid, com.gid); ++ if (fd < 0) ++ return fd; ++ + setup_host_name(); + + setup_groups(); + +- fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME); +- if (fd < 0) +- return fd; +- + log_error("sanlock daemon started %s aio %d %d renew %d %d host %s time %llu", + RELEASE_VERSION, + main_task.use_aio, main_task.io_timeout_seconds, +-- +1.7.10.1.362.g242cab3 + diff --git a/sanlock.spec b/sanlock.spec index 6e740a5..4c73006 100644 --- a/sanlock.spec +++ b/sanlock.spec @@ -1,6 +1,6 @@ Name: sanlock Version: 2.4 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A shared disk lock manager Group: System Environment/Base @@ -13,7 +13,8 @@ Requires(pre): /usr/sbin/groupadd Requires(pre): /usr/sbin/useradd Source0: https://fedorahosted.org/releases/s/a/sanlock/%{name}-%{version}.tar.gz -Patch0: 0001-daemon-include-resource.h.patch +Patch0: 0001-daemon-include-resource.h.patch +Patch1: 0002-daemon-fix-lockfile-ownership.patch %description sanlock uses disk paxos to manage leases on shared storage. @@ -23,6 +24,7 @@ access to the shared disks. %prep %setup -q %patch0 -p1 -b .0001-daemon-include-resource.h.patch +%patch1 -p1 -b .0002-daemon-fix-lockfile-ownership.patch %build # upstream does not require configure @@ -59,6 +61,8 @@ install -Dm 0644 src/logrotate.sanlock \ install -Dm 0644 src/sysconfig.sanlock \ $RPM_BUILD_ROOT/etc/sysconfig/sanlock +install -Dd -m 775 $RPM_BUILD_ROOT/%{_localstatedir}/run/sanlock + %clean rm -rf $RPM_BUILD_ROOT @@ -118,6 +122,7 @@ fi %endif %{_sbindir}/sanlock %{_sbindir}/wdmd +%dir %attr(-,sanlock,sanlock) %{_localstatedir}/run/sanlock %{_mandir}/man8/wdmd* %{_mandir}/man8/sanlock* %config(noreplace) %{_sysconfdir}/logrotate.d/sanlock 
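Review bot: The added `fchown(fd, uid, gid)` in src/lockfile.c runs as root on a descriptor that `open(path, O_CREAT|O_WRONLY|O_CLOEXEC, 0666)` obtained from inside SANLK_RUN_DIR, a directory this same patch hands to the unprivileged sanlock account with `chown()`. On any later start, a link left at the lockfile path by that account would be followed by the root-run open(), and the file it resolves to would then be given to uid/gid. The open should refuse links with O_NOFOLLOW and the descriptor should be confirmed by fstat() to be a regular file with a single link before its ownership changes; the path-based `chown(SANLK_RUN_DIR, ...)` after an `EEXIST` mkdir has the same gap, since the existing entry is never checked to be a directory. Separately, `mkdir(SANLK_RUN_DIR, 0775)` sits under `umask(0022)`, so the directory is still created 0755 and the mode change has no effect. lockfile() begins and ends outside the inner hunks shown, so the code between open() and the new fchown() was not reviewed.

```c
	struct stat st;		/* new local, declared next to fd and rv */

	/* … unchanged: mkdir and chown of SANLK_RUN_DIR, snprintf of path … */

	fd = open(path, O_CREAT|O_WRONLY|O_CLOEXEC|O_NOFOLLOW, 0666);

	/* … unchanged: code between open() and the new fchown(), only partly in the hunk … */

	rv = fstat(fd, &st);
	if (rv < 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
		log_error("lockfile unexpected file %s", path);
		goto fail;
	}

	rv = fchown(fd, uid, gid);
```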
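Review bot: `install -Dd -m 775` together with `%attr(-,sanlock,sanlock)` packages /var/run/sanlock as group-writable, while the daemon-side `mkdir(SANLK_RUN_DIR, 0775)` under `umask(0022)` creates it 0755 when the directory is missing, so the resulting mode depends on who created it. Unless members of the sanlock group need to create or remove entries there (not visible in this patch), package it 0755 as well: `install -d -m 0755 $RPM_BUILD_ROOT/%{_localstatedir}/run/sanlock`. Spelling the mode out as `%attr(0755,sanlock,sanlock)` instead of `-` would also make the intent explicit in %files.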
@@ -180,6 +185,9 @@ developing applications that use %{name}. %{_includedir}/sanlock_direct.h %changelog +* Tue Jul 24 2012 David Teigland - 2.4-3 +- fix lockfile ownership + * Mon Jul 23 2012 David Teigland - 2.4-2 - fix missing include