[libvirt] [PATCH 2/2] Make sure the rundir is accessible by the user

Daniel P. Berrange berrange at redhat.com
Wed Mar 9 14:16:47 UTC 2011


On Wed, Mar 09, 2011 at 02:19:18PM +0100, Guido Günther wrote:
> On Wed, Mar 09, 2011 at 09:20:50AM +0100, Guido Günther wrote:
> > otherwise the user might not have enough permissions to access the
> > socket if root's umask is 077.
> This version of the patch fixes the dependency on a sane umask without
> introducing a new function.
> O.k. to apply?
> Cheers,
>  -- Guido

> >From 7595fc991a7fe398466d1e3fac0b52ad9e389602 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx at sigxcpu.org>
> Date: Wed, 9 Mar 2011 14:15:48 +0100
> Subject: [PATCH] Make sure the rundir is accessible by the user
> 
> otherwise the user might not have enough permissions to access the
> socket if root's umask is 077.
> 
> http://bugs.debian.org/614210
> ---
>  daemon/libvirtd.c |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
> index 452566c..9a5a53e 100644
> --- a/daemon/libvirtd.c
> +++ b/daemon/libvirtd.c
> @@ -3277,16 +3277,20 @@ int main(int argc, char **argv) {
>      /* Ensure the rundir exists (on tmpfs on some systems) */
>      if (geteuid() == 0) {
>          const char *rundir = LOCALSTATEDIR "/run/libvirt";
> +        mode_t old_umask;
>  
> +        old_umask = umask(022);
>          if (mkdir (rundir, 0755)) {
>              if (errno != EEXIST) {
>                  char ebuf[1024];
>                  VIR_ERROR(_("unable to create rundir %s: %s"), rundir,
>                            virStrerror(errno, ebuf, sizeof(ebuf)));
>                  ret = VIR_DAEMON_ERR_RUNDIR;
> +                umask(old_umask);
>                  goto error;
>              }
>          }
> +        umask(old_umask);
>      }
>  
>      /* Beyond this point, nothing should rely on using
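
Review bot: on the `errno == EEXIST` path the existing directory's mode is left untouched, so a rundir that already exists with a restrictive mode (for example one created before this change while root's umask was 077) stays inaccessible to the user. Consider an explicit `chmod(rundir, 0755)`, or a stat check of the mode, when mkdir reports EEXIST. Separately, `umask(old_umask)` could be called once right after `mkdir()`, with errno saved beforehand, instead of being repeated on the error path and after the block.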

ACK

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
