
List:       sanlock-devel
Subject:    [PATCH 3/6] Change rundir ownership only if running as root
From:       Nir Soffer <nsoffer () redhat ! com>
Date:       2022-11-27 17:38:58
Message-ID: 20221127173901.278548-4-nsoffer () redhat ! com

This works when testing locally, but fails in ubuntu CI:

    Using non-standard run directory '/tmp/sanlock'
    Running in unprivileged mode uid=1001 gid=1001
    lockfile chown error /tmp/sanlock: Operation not permitted

The ownership change is required only when starting as root to avoid
issues with selinux.

Signed-off-by: Nir Soffer <nsoffer@redhat.com>
---
 src/lockfile.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/lockfile.c b/src/lockfile.c
index cffaaff..fe15bd0 100644
--- a/src/lockfile.c
+++ b/src/lockfile.c
@@ -40,25 +40,27 @@ int lockfile(const char *dir, const char *name, int uid, int gid)
 	 * starting as root. */
 
 	old_umask = umask(0002);
 	rv = mkdir(dir, 0775);
 	if (rv < 0 && errno != EEXIST) {
 		umask(old_umask);
 		return rv;
 	}
 	umask(old_umask);
 
-	rv = chown(dir, uid, gid);
-	if (rv < 0) {
-		log_error("lockfile chown error %s: %s",
-			  dir, strerror(errno));
-		return rv;
+	if (geteuid() == 0) {
+		rv = chown(dir, uid, gid);
+		if (rv < 0) {
+			log_error("lockfile chown error %s: %s",
+				  dir, strerror(errno));
+			return rv;
+		}
 	}
 
 	snprintf(path, PATH_MAX, "%s/%s", dir, name);
 
 	fd = open(path, O_CREAT|O_WRONLY|O_CLOEXEC, 0644);
 	if (fd < 0) {
 		log_error("lockfile open error %s: %s",
 			  path, strerror(errno));
 		return -1;
 	}
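
Review bot: in the new `if (geteuid() == 0)` block, the unprivileged path skips chown() without any check or log, so when mkdir() returned EEXIST nothing confirms that the existing directory belongs to the caller before open() creates the lockfile in it with O_CREAT. The CI output in the commit message shows the run directory can sit under /tmp, where a pre-existing directory may be owned by another user. Consider adding an else branch that calls stat() on dir and compares st_uid with geteuid(), logging or returning an error on mismatch. The uid and gid arguments are also ignored in the unprivileged case now, which is worth stating in the comment above the mkdir() call that currently ends with "starting as root."
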
-- 
2.38.1