List: sanlock-devel
Subject: [PATCH 3/6] Change rundir ownership only if running as root
From: Nir Soffer <nsoffer () redhat ! com>
Date: 2022-11-27 17:38:58
Message-ID: 20221127173901.278548-4-nsoffer () redhat ! com
This works when testing locally, but fails in Ubuntu CI:
Using non-standard run directory '/tmp/sanlock'
Running in unprivileged mode uid=1001 gid=1001
lockfile chown error /tmp/sanlock: Operation not permitted
The ownership change is required only when starting as root to avoid
issues with SELinux.
Signed-off-by: Nir Soffer <nsoffer@redhat.com>
---
src/lockfile.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/lockfile.c b/src/lockfile.c
index cffaaff..fe15bd0 100644
--- a/src/lockfile.c
+++ b/src/lockfile.c
@@ -40,25 +40,27 @@ int lockfile(const char *dir, const char *name, int uid, int gid)
* starting as root. */
old_umask = umask(0002);
rv = mkdir(dir, 0775);
if (rv < 0 && errno != EEXIST) {
umask(old_umask);
return rv;
}
umask(old_umask);
- rv = chown(dir, uid, gid);
- if (rv < 0) {
- log_error("lockfile chown error %s: %s",
- dir, strerror(errno));
- return rv;
+ if (geteuid() == 0) {
+ rv = chown(dir, uid, gid);
+ if (rv < 0) {
+ log_error("lockfile chown error %s: %s",
+ dir, strerror(errno));
+ return rv;
+ }
}
snprintf(path, PATH_MAX, "%s/%s", dir, name);
fd = open(path, O_CREAT|O_WRONLY|O_CLOEXEC, 0644);
if (fd < 0) {
log_error("lockfile open error %s: %s",
path, strerror(errno));
return -1;
}
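Review bot: when geteuid() != 0 the chown is now skipped with no check on who owns dir, and because the mkdir above tolerates EEXIST, a pre-existing directory owned by a different user is accepted silently before the lockfile is opened inside it (the commit message shows the run directory can be /tmp/sanlock). Consider adding a stat() of dir in the unprivileged path and returning an error, or at least logging, when it is not a directory or its st_uid differs from geteuid(). It would also help to extend the comment that ends "starting as root. */" so it states that the chown happens only in that case.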
--
2.38.1