From a80c4a0d0b3cd1cb9a10fb8b681c48bf639ca9d1 Mon Sep 17 00:00:00 2001 From: David Teigland Date: Tue, 24 Jul 2012 09:21:30 -0500 Subject: [PATCH 2/2] daemon: fix lockfile ownership make the owner sanlock uid/gid instead of root so the daemon continues to have access to it after the process drops root privileges. Signed-off-by: David Teigland --- src/lockfile.c | 18 ++++++++++++++++-- src/lockfile.h | 2 +- src/main.c | 8 ++++---- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/src/lockfile.c b/src/lockfile.c index cd4d4e2..129d956 100644 --- a/src/lockfile.c +++ b/src/lockfile.c @@ -29,7 +29,7 @@ #include "log.h" #include "lockfile.h" -int lockfile(const char *dir, const char *name) +int lockfile(const char *dir, const char *name, int uid, int gid) { char path[PATH_MAX]; char buf[16]; @@ -38,13 +38,20 @@ int lockfile(const char *dir, const char *name) int fd, rv; old_umask = umask(0022); - rv = mkdir(SANLK_RUN_DIR, 0777); + rv = mkdir(SANLK_RUN_DIR, 0775); if (rv < 0 && errno != EEXIST) { umask(old_umask); return rv; } umask(old_umask); + rv = chown(SANLK_RUN_DIR, uid, gid); + if (rv < 0) { + log_error("lockfile chown error %s: %s", + SANLK_RUN_DIR, strerror(errno)); + return rv; + } + snprintf(path, PATH_MAX, "%s/%s", dir, name); fd = open(path, O_CREAT|O_WRONLY|O_CLOEXEC, 0666); @@ -83,6 +90,13 @@ int lockfile(const char *dir, const char *name) goto fail; } + rv = fchown(fd, uid, gid); + if (rv < 0) { + log_error("lockfile fchown error %s: %s", + path, strerror(errno)); + goto fail; + } + return fd; fail: close(fd); diff --git a/src/lockfile.h b/src/lockfile.h index 1702d71..57bbcec 100644 --- a/src/lockfile.h +++ b/src/lockfile.h @@ -9,7 +9,7 @@ #ifndef __LOCKFILE_H__ #define __LOCKFILE_H__ -int lockfile(const char *dir, const char *name); +int lockfile(const char *dir, const char *name, int uid, int gid); void unlink_lockfile(int fd, const char *dir, const char *name); #endif diff --git a/src/main.c b/src/main.c index fdf068d..8e39855 100644 --- a/src/main.c +++ b/src/main.c @@ -1558,14 +1558,14 @@ static int do_daemon(void) setup_logging(); + fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME, com.uid, com.gid); + if (fd < 0) + return fd; + setup_host_name(); setup_groups(); - fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME); - if (fd < 0) - return fd; - log_error("sanlock daemon started %s aio %d %d renew %d %d host %s time %llu", RELEASE_VERSION, main_task.use_aio, main_task.io_timeout_seconds, -- 1.7.10.1.362.g242cab3