From 9edc101e5d8a3e25fa49d30b3a9c3c7691a49a21 Mon Sep 17 00:00:00 2001
From: Nir Soffer
Date: Thu, 6 Dec 2018 13:23:11 -0600
Subject: [PATCH] lockfile: Keep lockfile owned by root

On Fedora 28, sanlock fails to create the lockfile before dropping privileges, because /run/sanlock is owned by sanlock, and selinux disables DAC_OVERRIDE. To allow root to create the lockfile before dropping privileges /run/sanlock is owned by group root, and group writable. Since sanlock never write to the lockfile after dropping privileges, keep the lockfile owned by root. Here are /run/sanlock permissions with this change:
$ ls -lhdZ /run/sanlock
drwxrwxr-x. 2 sanlock root system_u:object_r:sanlock_var_run_t:s0 80 Nov 29 23:07 /run/sanlock
$ ls -lhZ /run/sanlock
total 4.0K
-rw-r--r--. 1 root root system_u:object_r:sanlock_var_run_t:s0 5 Nov 29 23:07 sanlock.pid
srw-rw----. 1 sanlock sanlock system_u:object_r:sanlock_var_run_t:s0 0 Nov 29 23:07 sanlock.sock
Signed-off-by: Nir Soffer
---
 src/lockfile.c | 12 ++++--------
 src/main.c | 6 +++++-
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/lockfile.c b/src/lockfile.c
index e3b720c613f8..61847f11c23c 100644
--- a/src/lockfile.c
+++ b/src/lockfile.c
@@ -37,7 +37,10 @@ int lockfile(const char *dir, const char *name, int uid, int gid)
 mode_t old_umask;
 int fd, rv;
- old_umask = umask(0022);
+ /* Make rundir group writable, allowing creation of the lockfile when
+ * starting as root. */
+
+ old_umask = umask(0002);
 rv = mkdir(SANLK_RUN_DIR, 0775);
 if (rv < 0 && errno != EEXIST) {
 umask(old_umask);
@@ -90,13 +93,6 @@ int lockfile(const char *dir, const char *name, int uid, int gid)
 goto fail;
 }
- rv = fchown(fd, uid, gid);
- if (rv < 0) {
- log_error("lockfile fchown error %s: %s",
- path, strerror(errno));
- goto fail;
- }
-
 return fd;
 fail:
 close(fd);
diff --git a/src/main.c b/src/main.c
index 0117183def26..86a2725d40f6 100644
--- a/src/main.c
+++ b/src/main.c
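Review bot: In the first lockfile.c hunk, the widened mask in `old_umask = umask(0002);` only affects a directory that `mkdir(SANLK_RUN_DIR, 0775)` actually creates. The following line tolerates `EEXIST`, so a run directory that already exists with the earlier 0755 mode keeps that mode, and the problem described in the commit message would presumably remain on that path. If that case matters, follow the mkdir with an explicit, checked `chmod(SANLK_RUN_DIR, 0775)` rather than relying on the umask alone. The 0002 mask also stays in force until it is restored somewhere outside this hunk, so the comment could say so, e.g. `/* umask 0002 is only for the rundir mkdir; restore it before creating other files */`. The body of lockfile() continues past the hunk.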
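Review bot: In the second lockfile.c hunk, removing the `fchown()` block leaves nothing in the visible code that establishes the ownership the subject line promises. The file is root-owned only when this process creates it while running as root; if the open() outside this hunk reuses an existing file, a lockfile that an earlier run chowned to the daemon user keeps that owner. Per the commit message the directory is owned by sanlock and group-writable, so root creates and locks a file inside a directory that an unprivileged account controls. It is worth confirming that the open() passes `O_NOFOLLOW`, and adding an `fstat()` check before `return fd;`, along the lines of `if (st.st_uid != geteuid() || !S_ISREG(st.st_mode)) goto fail;`. A one-line comment at the removal site, such as `/* lockfile keeps the creator's ownership; uid/gid apply to the run dir only */`, would record the new contract for the `uid`/`gid` parameters the signature still carries, once their remaining use outside the hunk is confirmed.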
@@ -1667,7 +1667,11 @@ static int do_daemon(void)
 setup_signals();
 setup_logging();
- fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME, com.uid, com.gid);
+ /* If we run as root, make run_dir owned by root, so we can create the
+ * lockfile when selinux disables DAC_OVERRIDE.
+ * See https://danwalsh.livejournal.com/79643.html */
+
+ fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME, com.uid, 0);
 if (fd < 0) {
 close_logging();
 return fd;
--
2.7.5
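Review bot: The new comment does not match the call beneath it. It says "If we run as root" and "owned by root", but `lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME, com.uid, 0)` passes gid 0 unconditionally and still passes `com.uid` as the owner, so the directory ends up owned by that user with group root, as the `ls` output in the commit message shows. Rewording it to `/* Give run_dir group root (gid 0) so root can create the lockfile without DAC_OVERRIDE. */` would describe what the line does. Whether a daemon started as a non-root user can still apply group 0 depends on code inside lockfile() that this page does not show; if it cannot, the literal should be used only when `getuid() == 0` and `com.gid` otherwise. do_daemon() begins and ends outside the hunk.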