81 lines
2.4 KiB
Diff
81 lines
2.4 KiB
Diff
From 9edc101e5d8a3e25fa49d30b3a9c3c7691a49a21 Mon Sep 17 00:00:00 2001
|
|
From: Nir Soffer <nsoffer@redhat.com>
|
|
Date: Thu, 6 Dec 2018 13:23:11 -0600
|
|
Subject: [PATCH] lockfile: Keep lockfile owned by root
|
|
|
|
On Fedora 28, sanlock fails to create the lockfile before dropping
|
|
privileges, because /run/sanlock is owned by sanlock, and selinux
|
|
disables DAC_OVERRIDE.
|
|
|
|
To allow root to create the lockfile before dropping privileges
|
|
/run/sanlock is owned by group root, and group writable. Since sanlock
|
|
never write to the lockfile after dropping privileges, keep the lockfile
|
|
owned by root.
|
|
|
|
Here are /run/sanlock permissions with this change:
|
|
|
|
$ ls -lhdZ /run/sanlock
|
|
drwxrwxr-x. 2 sanlock root system_u:object_r:sanlock_var_run_t:s0 80 Nov 29 23:07 /run/sanlock
|
|
|
|
$ ls -lhZ /run/sanlock
|
|
total 4.0K
|
|
-rw-r--r--. 1 root root system_u:object_r:sanlock_var_run_t:s0 5 Nov 29 23:07 sanlock.pid
|
|
srw-rw----. 1 sanlock sanlock system_u:object_r:sanlock_var_run_t:s0 0 Nov 29 23:07 sanlock.sock
|
|
|
|
Signed-off-by: Nir Soffer <nsoffer@redhat.com>
|
|
---
|
|
src/lockfile.c | 12 ++++--------
|
|
src/main.c | 6 +++++-
|
|
2 files changed, 9 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/src/lockfile.c b/src/lockfile.c
|
|
index e3b720c613f8..61847f11c23c 100644
|
|
--- a/src/lockfile.c
|
|
+++ b/src/lockfile.c
|
|
@@ -37,7 +37,10 @@ int lockfile(const char *dir, const char *name, int uid, int gid)
|
|
mode_t old_umask;
|
|
int fd, rv;
|
|
|
|
- old_umask = umask(0022);
|
|
+ /* Make rundir group writable, allowing creation of the lockfile when
|
|
+ * starting as root. */
|
|
+
|
|
+ old_umask = umask(0002);
|
|
rv = mkdir(SANLK_RUN_DIR, 0775);
|
|
if (rv < 0 && errno != EEXIST) {
|
|
umask(old_umask);
|
|
@@ -90,13 +93,6 @@ int lockfile(const char *dir, const char *name, int uid, int gid)
|
|
goto fail;
|
|
}
|
|
|
|
- rv = fchown(fd, uid, gid);
|
|
- if (rv < 0) {
|
|
- log_error("lockfile fchown error %s: %s",
|
|
- path, strerror(errno));
|
|
- goto fail;
|
|
- }
|
|
-
|
|
return fd;
|
|
fail:
|
|
close(fd);
|
|
diff --git a/src/main.c b/src/main.c
|
|
index 0117183def26..86a2725d40f6 100644
|
|
--- a/src/main.c
|
|
+++ b/src/main.c
|
|
@@ -1667,7 +1667,11 @@ static int do_daemon(void)
|
|
setup_signals();
|
|
setup_logging();
|
|
|
|
- fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME, com.uid, com.gid);
|
|
+ /* If we run as root, make run_dir owned by root, so we can create the
|
|
+ * lockfile when selinux disables DAC_OVERRIDE.
|
|
+ * See https://danwalsh.livejournal.com/79643.html */
|
|
+
|
|
+ fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME, com.uid, 0);
|
|
if (fd < 0) {
|
|
close_logging();
|
|
return fd;
|
|
--
|
|
2.7.5
|
|
|