fix lockfile ownership
parent
f6f89f6cea
commit
59eef4ec93
@ -1,7 +1,7 @@
|
|||||||
From 9f47804b2e8a0bc822b038427562d3a481c28693 Mon Sep 17 00:00:00 2001
|
From 9f47804b2e8a0bc822b038427562d3a481c28693 Mon Sep 17 00:00:00 2001
|
||||||
From: David Teigland <teigland@redhat.com>
|
From: David Teigland <teigland@redhat.com>
|
||||||
Date: Mon, 23 Jul 2012 10:58:50 -0500
|
Date: Mon, 23 Jul 2012 10:58:50 -0500
|
||||||
Subject: [PATCH] daemon: include resource.h
|
Subject: [PATCH 1/2] daemon: include resource.h
|
||||||
|
|
||||||
for rlimits
|
for rlimits
|
||||||
|
|
||||||
|
104
0002-daemon-fix-lockfile-ownership.patch
Normal file
@ -0,0 +1,104 @@
|
|||||||
|
From a80c4a0d0b3cd1cb9a10fb8b681c48bf639ca9d1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Teigland <teigland@redhat.com>
|
||||||
|
Date: Tue, 24 Jul 2012 09:21:30 -0500
|
||||||
|
Subject: [PATCH 2/2] daemon: fix lockfile ownership
|
||||||
|
|
||||||
|
make the owner sanlock uid/gid instead of root
|
||||||
|
so the daemon continues to have access to it
|
||||||
|
after the process drops root privileges.
|
||||||
|
|
||||||
|
Signed-off-by: David Teigland <teigland@redhat.com>
|
||||||
|
---
|
||||||
|
src/lockfile.c | 18 ++++++++++++++++--
|
||||||
|
src/lockfile.h | 2 +-
|
||||||
|
src/main.c | 8 ++++----
|
||||||
|
3 files changed, 21 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/lockfile.c b/src/lockfile.c
|
||||||
|
index cd4d4e2..129d956 100644
|
||||||
|
--- a/src/lockfile.c
|
||||||
|
+++ b/src/lockfile.c
|
||||||
|
@@ -29,7 +29,7 @@
|
||||||
|
#include "log.h"
|
||||||
|
#include "lockfile.h"
|
||||||
|
|
||||||
|
-int lockfile(const char *dir, const char *name)
|
||||||
|
+int lockfile(const char *dir, const char *name, int uid, int gid)
|
||||||
|
{
|
||||||
|
char path[PATH_MAX];
|
||||||
|
char buf[16];
|
||||||
|
@@ -38,13 +38,20 @@ int lockfile(const char *dir, const char *name)
|
||||||
|
int fd, rv;
|
||||||
|
|
||||||
|
old_umask = umask(0022);
|
||||||
|
- rv = mkdir(SANLK_RUN_DIR, 0777);
|
||||||
|
+ rv = mkdir(SANLK_RUN_DIR, 0775);
|
||||||
|
if (rv < 0 && errno != EEXIST) {
|
||||||
|
umask(old_umask);
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
umask(old_umask);
|
||||||
|
|
||||||
|
+ rv = chown(SANLK_RUN_DIR, uid, gid);
|
||||||
|
+ if (rv < 0) {
|
||||||
|
+ log_error("lockfile chown error %s: %s",
|
||||||
|
+ SANLK_RUN_DIR, strerror(errno));
|
||||||
|
+ return rv;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
snprintf(path, PATH_MAX, "%s/%s", dir, name);
|
||||||
|
|
||||||
|
fd = open(path, O_CREAT|O_WRONLY|O_CLOEXEC, 0666);
|
||||||
|
@@ -83,6 +90,13 @@ int lockfile(const char *dir, const char *name)
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ rv = fchown(fd, uid, gid);
|
||||||
|
+ if (rv < 0) {
|
||||||
|
+ log_error("lockfile fchown error %s: %s",
|
||||||
|
+ path, strerror(errno));
|
||||||
|
+ goto fail;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
return fd;
|
||||||
|
fail:
|
||||||
|
close(fd);
|
||||||
|
diff --git a/src/lockfile.h b/src/lockfile.h
|
||||||
|
index 1702d71..57bbcec 100644
|
||||||
|
--- a/src/lockfile.h
|
||||||
|
+++ b/src/lockfile.h
|
||||||
|
@@ -9,7 +9,7 @@
|
||||||
|
#ifndef __LOCKFILE_H__
|
||||||
|
#define __LOCKFILE_H__
|
||||||
|
|
||||||
|
-int lockfile(const char *dir, const char *name);
|
||||||
|
+int lockfile(const char *dir, const char *name, int uid, int gid);
|
||||||
|
void unlink_lockfile(int fd, const char *dir, const char *name);
|
||||||
|
|
||||||
|
#endif
|
||||||
|
diff --git a/src/main.c b/src/main.c
|
||||||
|
index fdf068d..8e39855 100644
|
||||||
|
--- a/src/main.c
|
||||||
|
+++ b/src/main.c
|
||||||
|
@@ -1558,14 +1558,14 @@ static int do_daemon(void)
|
||||||
|
|
||||||
|
setup_logging();
|
||||||
|
|
||||||
|
+ fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME, com.uid, com.gid);
|
||||||
|
+ if (fd < 0)
|
||||||
|
+ return fd;
|
||||||
|
+
|
||||||
|
setup_host_name();
|
||||||
|
|
||||||
|
setup_groups();
|
||||||
|
|
||||||
|
- fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME);
|
||||||
|
- if (fd < 0)
|
||||||
|
- return fd;
|
||||||
|
-
|
||||||
|
log_error("sanlock daemon started %s aio %d %d renew %d %d host %s time %llu",
|
||||||
|
RELEASE_VERSION,
|
||||||
|
main_task.use_aio, main_task.io_timeout_seconds,
|
||||||
|
--
|
||||||
|
1.7.10.1.362.g242cab3
|
||||||
|
|
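Review bot: In the src/lockfile.c hunks, the new `fchown(fd, uid, gid)` is applied to whatever `open(path, O_CREAT|O_WRONLY|O_CLOEXEC, 0666)` returned. Because this patch also hands the run directory to the sanlock uid/gid, a later start of the still-privileged daemon could change ownership of a file it did not create. Adding `O_NOFOLLOW` to the open flags, and checking with `fstat` that the descriptor is a regular file with a single link before the `fchown`, would close that gap. The directory `chown(SANLK_RUN_DIR, uid, gid)` also runs when `mkdir` returned EEXIST and follows a symlink, so `lchown`, or an `fchown` on a descriptor opened with `O_DIRECTORY|O_NOFOLLOW`, is safer. Separately, `mkdir(SANLK_RUN_DIR, 0775)` is still issued under `umask(0022)`, so the directory is created 0755 and the group-write bit is never set; that the daemon is root at this point is inferred from the commit message, and the body of lockfile() extends beyond the lines shown.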
12
sanlock.spec
@ -1,6 +1,6 @@
|
|||||||
Name: sanlock
|
Name: sanlock
|
||||||
Version: 2.4
|
Version: 2.4
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: A shared disk lock manager
|
Summary: A shared disk lock manager
|
||||||
|
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
@ -13,7 +13,8 @@ Requires(pre): /usr/sbin/groupadd
|
|||||||
Requires(pre): /usr/sbin/useradd
|
Requires(pre): /usr/sbin/useradd
|
||||||
Source0: https://fedorahosted.org/releases/s/a/sanlock/%{name}-%{version}.tar.gz
|
Source0: https://fedorahosted.org/releases/s/a/sanlock/%{name}-%{version}.tar.gz
|
||||||
|
|
||||||
Patch0: 0001-daemon-include-resource.h.patch
|
Patch0: 0001-daemon-include-resource.h.patch
|
||||||
|
Patch1: 0002-daemon-fix-lockfile-ownership.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
sanlock uses disk paxos to manage leases on shared storage.
|
sanlock uses disk paxos to manage leases on shared storage.
|
||||||
@ -23,6 +24,7 @@ access to the shared disks.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1 -b .0001-daemon-include-resource.h.patch
|
%patch0 -p1 -b .0001-daemon-include-resource.h.patch
|
||||||
|
%patch1 -p1 -b .0002-daemon-fix-lockfile-ownership.patch
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# upstream does not require configure
|
# upstream does not require configure
|
||||||
@ -59,6 +61,8 @@ install -Dm 0644 src/logrotate.sanlock \
|
|||||||
install -Dm 0644 src/sysconfig.sanlock \
|
install -Dm 0644 src/sysconfig.sanlock \
|
||||||
$RPM_BUILD_ROOT/etc/sysconfig/sanlock
|
$RPM_BUILD_ROOT/etc/sysconfig/sanlock
|
||||||
|
|
||||||
|
install -Dd -m 775 $RPM_BUILD_ROOT/%{_localstatedir}/run/sanlock
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
@ -118,6 +122,7 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
%{_sbindir}/sanlock
|
%{_sbindir}/sanlock
|
||||||
%{_sbindir}/wdmd
|
%{_sbindir}/wdmd
|
||||||
|
%dir %attr(-,sanlock,sanlock) %{_localstatedir}/run/sanlock
|
||||||
%{_mandir}/man8/wdmd*
|
%{_mandir}/man8/wdmd*
|
||||||
%{_mandir}/man8/sanlock*
|
%{_mandir}/man8/sanlock*
|
||||||
%config(noreplace) %{_sysconfdir}/logrotate.d/sanlock
|
%config(noreplace) %{_sysconfdir}/logrotate.d/sanlock
|
||||||
@ -180,6 +185,9 @@ developing applications that use %{name}.
|
|||||||
%{_includedir}/sanlock_direct.h
|
%{_includedir}/sanlock_direct.h
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jul 24 2012 David Teigland <teigland@redhat.com> - 2.4-3
|
||||||
|
- fix lockfile ownership
|
||||||
|
|
||||||
* Mon Jul 23 2012 David Teigland <teigland@redhat.com> - 2.4-2
|
* Mon Jul 23 2012 David Teigland <teigland@redhat.com> - 2.4-2
|
||||||
- fix missing include
|
- fix missing include
|
||||||
|
|
||||||
|
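Review bot: The new `%dir %attr(-,sanlock,sanlock) %{_localstatedir}/run/sanlock` entry packages a directory under /var/run, which will not survive a reboot on systems where that path is a tmpfs. There, the ownership and 775 mode set here only hold until the daemon recreates the directory itself. If that applies to the target release, mark the entry `%ghost` and ship a tmpfiles.d snippet so the mode and owner are defined in one place. It is also worth confirming that group write (`-m 775`) is actually needed, since it lets every member of the sanlock group create and remove entries next to the daemon's lockfile.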