diff --git a/0003-lockfile-Keep-lockfile-owned-by-root.patch b/0003-lockfile-Keep-lockfile-owned-by-root.patch new file mode 100644 index 0000000..3492c52 --- /dev/null +++ b/0003-lockfile-Keep-lockfile-owned-by-root.patch @@ -0,0 +1,80 @@ +From 9edc101e5d8a3e25fa49d30b3a9c3c7691a49a21 Mon Sep 17 00:00:00 2001 +From: Nir Soffer +Date: Thu, 6 Dec 2018 13:23:11 -0600 +Subject: [PATCH] lockfile: Keep lockfile owned by root + +On Fedora 28, sanlock fails to create the lockfile before dropping +privileges, because /run/sanlock is owned by sanlock, and selinux +disables DAC_OVERRIDE. + +To allow root to create the lockfile before dropping privileges +/run/sanlock is owned by group root, and group writable. Since sanlock +never write to the lockfile after dropping privileges, keep the lockfile +owned by root. + +Here are /run/sanlock permissions with this change: + +$ ls -lhdZ /run/sanlock +drwxrwxr-x. 2 sanlock root system_u:object_r:sanlock_var_run_t:s0 80 Nov 29 23:07 /run/sanlock + +$ ls -lhZ /run/sanlock +total 4.0K +-rw-r--r--. 1 root root system_u:object_r:sanlock_var_run_t:s0 5 Nov 29 23:07 sanlock.pid +srw-rw----. 1 sanlock sanlock system_u:object_r:sanlock_var_run_t:s0 0 Nov 29 23:07 sanlock.sock + +Signed-off-by: Nir Soffer +--- + src/lockfile.c | 12 ++++-------- + src/main.c | 6 +++++- + 2 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/src/lockfile.c b/src/lockfile.c +index e3b720c613f8..61847f11c23c 100644 +--- a/src/lockfile.c ++++ b/src/lockfile.c +@@ -37,7 +37,10 @@ int lockfile(const char *dir, const char *name, int uid, int gid) + mode_t old_umask; + int fd, rv; + +- old_umask = umask(0022); ++ /* Make rundir group writable, allowing creation of the lockfile when ++ * starting as root. */ ++ ++ old_umask = umask(0002); + rv = mkdir(SANLK_RUN_DIR, 0775); + if (rv < 0 && errno != EEXIST) { + umask(old_umask); +@@ -90,13 +93,6 @@ int lockfile(const char *dir, const char *name, int uid, int gid) + goto fail; + } + +- rv = fchown(fd, uid, gid); +- if (rv < 0) { +- log_error("lockfile fchown error %s: %s", +- path, strerror(errno)); +- goto fail; +- } +- + return fd; + fail: + close(fd); +diff --git a/src/main.c b/src/main.c +index 0117183def26..86a2725d40f6 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -1667,7 +1667,11 @@ static int do_daemon(void) + setup_signals(); + setup_logging(); + +- fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME, com.uid, com.gid); ++ /* If we run as root, make run_dir owned by root, so we can create the ++ * lockfile when selinux disables DAC_OVERRIDE. ++ * See https://danwalsh.livejournal.com/79643.html */ ++ ++ fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME, com.uid, 0); + if (fd < 0) { + close_logging(); + return fd; +-- +2.7.5 + diff --git a/sanlock.spec b/sanlock.spec index ebac41d..f7bb3b4 100644 --- a/sanlock.spec +++ b/sanlock.spec @@ -6,7 +6,7 @@ Name: sanlock Version: 3.6.0 -Release: 6%{?dist} +Release: 7%{?dist} Summary: A shared storage lock manager Group: System Environment/Base @@ -30,6 +30,7 @@ Source0: https://releases.pagure.org/sanlock/%{name}-%{version}.tar.gz Patch0: 0001-Fix-libsanlock-build-on-Unubtu-Debian.patch Patch1: 0002-fix-makefile-flags.patch +Patch2: 0003-lockfile-Keep-lockfile-owned-by-root.patch %description The sanlock daemon manages leases for applications on hosts using shared storage. @@ -38,6 +39,7 @@ The sanlock daemon manages leases for applications on hosts using shared storage %setup -q %patch0 -p1 -b .0001-Fix-libsanlock-build-on-Unubtu-Debian.patch %patch1 -p1 -b .0002-fix-makefile-flags.patch +%patch2 -p1 -b .0003-lockfile-Keep-lockfile-owned-by-root.patch %build %set_build_flags @@ -215,6 +217,9 @@ common sanlock lockspace. %changelog +* Thu Jan 24 2019 David Teigland - 3.6.0-7 +- lockfile ownership + * Sat Jul 14 2018 Fedora Release Engineering - 3.6.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild