[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 2/2] Make sure the rundir is accessible by the user



On Wed, Mar 09, 2011 at 09:20:50AM +0100, Guido Günther wrote:
> otherwise the user might not have enough permissions to access the
> socket if roots umask is 077.
This version of the patch fixes the dependency on a sane umask without
introducing a new function.
O.k. to apply?
Cheers,
 -- Guido
>From 7595fc991a7fe398466d1e3fac0b52ad9e389602 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx sigxcpu org>
Date: Wed, 9 Mar 2011 14:15:48 +0100
Subject: [PATCH] Make sure the rundir is accessible by the user

otherwise the user might not have enough permissions to access the
socket if root's umask is 077.

http://bugs.debian.org/614210
---
 daemon/libvirtd.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 452566c..9a5a53e 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -3277,16 +3277,20 @@ int main(int argc, char **argv) {
     /* Ensure the rundir exists (on tmpfs on some systems) */
     if (geteuid() == 0) {
         const char *rundir = LOCALSTATEDIR "/run/libvirt";
+        mode_t old_umask;
 
+        old_umask = umask(022);
         if (mkdir (rundir, 0755)) {
             if (errno != EEXIST) {
                 char ebuf[1024];
                 VIR_ERROR(_("unable to create rundir %s: %s"), rundir,
                           virStrerror(errno, ebuf, sizeof(ebuf)));
                 ret = VIR_DAEMON_ERR_RUNDIR;
+                umask(old_umask);
                 goto error;
             }
         }
+        umask(old_umask);
     }
 
     /* Beyond this point, nothing should rely on using
-- 
1.7.4.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]