Re: [libvirt] [PATCH 2/2] Make sure the rundir is accessible by the user
On Wed, Mar 09, 2011 at 02:19:18PM +0100, Guido Günther wrote:
On Wed, Mar 09, 2011 at 09:20:50AM +0100, Guido Günther wrote:
> otherwise the user might not have enough permissions to access the
> socket if roots umask is 077.
This version of the patch fixes the dependency on a sane umask without
introducing a new function.
O.k. to apply?
Cheers,
-- Guido
>From 7595fc991a7fe398466d1e3fac0b52ad9e389602 Mon Sep 17 00:00:00
2001
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx(a)sigxcpu.org>
Date: Wed, 9 Mar 2011 14:15:48 +0100
Subject: [PATCH] Make sure the rundir is accessible by the user
otherwise the user might not have enough permissions to access the
socket if root's umask is 077.
http://bugs.debian.org/614210
---
daemon/libvirtd.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 452566c..9a5a53e 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -3277,16 +3277,20 @@ int main(int argc, char **argv) {
/* Ensure the rundir exists (on tmpfs on some systems) */
if (geteuid() == 0) {
const char *rundir = LOCALSTATEDIR "/run/libvirt";
+ mode_t old_umask;
+ old_umask = umask(022);
if (mkdir (rundir, 0755)) {
if (errno != EEXIST) {
char ebuf[1024];
VIR_ERROR(_("unable to create rundir %s: %s"), rundir,
virStrerror(errno, ebuf, sizeof(ebuf)));
ret = VIR_DAEMON_ERR_RUNDIR;
+ umask(old_umask);
goto error;
}
}
+ umask(old_umask);
}
/* Beyond this point, nothing should rely on using
ACK
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|