105 lines
2.6 KiB
Diff
105 lines
2.6 KiB
Diff
From a80c4a0d0b3cd1cb9a10fb8b681c48bf639ca9d1 Mon Sep 17 00:00:00 2001
|
|
From: David Teigland <teigland@redhat.com>
|
|
Date: Tue, 24 Jul 2012 09:21:30 -0500
|
|
Subject: [PATCH 2/2] daemon: fix lockfile ownership
|
|
|
|
make the owner sanlock uid/gid instead of root
|
|
so the daemon continues to have access to it
|
|
after the process drops root privileges.
|
|
|
|
Signed-off-by: David Teigland <teigland@redhat.com>
|
|
---
|
|
src/lockfile.c | 18 ++++++++++++++++--
|
|
src/lockfile.h | 2 +-
|
|
src/main.c | 8 ++++----
|
|
3 files changed, 21 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/src/lockfile.c b/src/lockfile.c
|
|
index cd4d4e2..129d956 100644
|
|
--- a/src/lockfile.c
|
|
+++ b/src/lockfile.c
|
|
@@ -29,7 +29,7 @@
|
|
#include "log.h"
|
|
#include "lockfile.h"
|
|
|
|
-int lockfile(const char *dir, const char *name)
|
|
+int lockfile(const char *dir, const char *name, int uid, int gid)
|
|
{
|
|
char path[PATH_MAX];
|
|
char buf[16];
|
|
@@ -38,13 +38,20 @@ int lockfile(const char *dir, const char *name)
|
|
int fd, rv;
|
|
|
|
old_umask = umask(0022);
|
|
- rv = mkdir(SANLK_RUN_DIR, 0777);
|
|
+ rv = mkdir(SANLK_RUN_DIR, 0775);
|
|
if (rv < 0 && errno != EEXIST) {
|
|
umask(old_umask);
|
|
return rv;
|
|
}
|
|
umask(old_umask);
|
|
|
|
+ rv = chown(SANLK_RUN_DIR, uid, gid);
|
|
+ if (rv < 0) {
|
|
+ log_error("lockfile chown error %s: %s",
|
|
+ SANLK_RUN_DIR, strerror(errno));
|
|
+ return rv;
|
|
+ }
|
|
+
|
|
snprintf(path, PATH_MAX, "%s/%s", dir, name);
|
|
|
|
fd = open(path, O_CREAT|O_WRONLY|O_CLOEXEC, 0666);
|
|
@@ -83,6 +90,13 @@ int lockfile(const char *dir, const char *name)
|
|
goto fail;
|
|
}
|
|
|
|
+ rv = fchown(fd, uid, gid);
|
|
+ if (rv < 0) {
|
|
+ log_error("lockfile fchown error %s: %s",
|
|
+ path, strerror(errno));
|
|
+ goto fail;
|
|
+ }
|
|
+
|
|
return fd;
|
|
fail:
|
|
close(fd);
|
|
diff --git a/src/lockfile.h b/src/lockfile.h
|
|
index 1702d71..57bbcec 100644
|
|
--- a/src/lockfile.h
|
|
+++ b/src/lockfile.h
|
|
@@ -9,7 +9,7 @@
|
|
#ifndef __LOCKFILE_H__
|
|
#define __LOCKFILE_H__
|
|
|
|
-int lockfile(const char *dir, const char *name);
|
|
+int lockfile(const char *dir, const char *name, int uid, int gid);
|
|
void unlink_lockfile(int fd, const char *dir, const char *name);
|
|
|
|
#endif
|
|
diff --git a/src/main.c b/src/main.c
|
|
index fdf068d..8e39855 100644
|
|
--- a/src/main.c
|
|
+++ b/src/main.c
|
|
@@ -1558,14 +1558,14 @@ static int do_daemon(void)
|
|
|
|
setup_logging();
|
|
|
|
+ fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME, com.uid, com.gid);
|
|
+ if (fd < 0)
|
|
+ return fd;
|
|
+
|
|
setup_host_name();
|
|
|
|
setup_groups();
|
|
|
|
- fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME);
|
|
- if (fd < 0)
|
|
- return fd;
|
|
-
|
|
log_error("sanlock daemon started %s aio %d %d renew %d %d host %s time %llu",
|
|
RELEASE_VERSION,
|
|
main_task.use_aio, main_task.io_timeout_seconds,
|
|
--
|
|
1.7.10.1.362.g242cab3
|
|
|