On Wed, Mar 09, 2011 at 09:20:50AM +0100, Guido Günther wrote: > otherwise the user might not have enough permissions to access the > socket if roots umask is 077. This version of the patch fixes the dependency on a sane umask without introducing a new function. O.k. to apply? Cheers, -- Guido
>From 7595fc991a7fe398466d1e3fac0b52ad9e389602 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@xxxxxxxxxxx> Date: Wed, 9 Mar 2011 14:15:48 +0100 Subject: [PATCH] Make sure the rundir is accessible by the user otherwise the user might not have enough permissions to access the socket if root's umask is 077. http://bugs.debian.org/614210 --- daemon/libvirtd.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index 452566c..9a5a53e 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -3277,16 +3277,20 @@ int main(int argc, char **argv) { /* Ensure the rundir exists (on tmpfs on some systems) */ if (geteuid() == 0) { const char *rundir = LOCALSTATEDIR "/run/libvirt"; + mode_t old_umask; + old_umask = umask(022); if (mkdir (rundir, 0755)) { if (errno != EEXIST) { char ebuf[1024]; VIR_ERROR(_("unable to create rundir %s: %s"), rundir, virStrerror(errno, ebuf, sizeof(ebuf))); ret = VIR_DAEMON_ERR_RUNDIR; + umask(old_umask); goto error; } } + umask(old_umask); } /* Beyond this point, nothing should rely on using -- 1.7.4.1
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list