Pathname sockets need to be world read/writable in order to allow regular
users to read information from multipathd. Our SO_PEERCRED permission check
will make sure that they can't make configuration changes. Also, SO_REUSEADDR
doesn't work for pathname sockets as it does for abstract Unix sockets. A
possibly pre-existing socket file must be removed before trying to recreate it.
Signed-off-by: Martin Wilck <mwilck@xxxxxxxx>
---
libmpathutil/uxsock.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/libmpathutil/uxsock.c b/libmpathutil/uxsock.c
index 12c4608..889d7a1 100644
--- a/libmpathutil/uxsock.c
+++ b/libmpathutil/uxsock.c
@@ -62,6 +62,11 @@ int ux_socket_listen(const char *name)
return fd;
}
#endif
+
+ /* This is after the PID check, so unlinking should be fine */
+ if (name[0] != '@' && unlink(name) == -1 && errno != ENOENT)
+ condlog(1, "Failed to unlink %s", name);
+
fd = socket(AF_LOCAL, SOCK_STREAM, 0);
if (fd == -1) {
condlog(3, "Couldn't create ux_socket, error %d", errno);
@@ -75,6 +80,14 @@ int ux_socket_listen(const char *name)
return -1;
}
+ /*
+ * Socket needs to have rw permissions for everone.
+ * SO_PEERCRED makes sure that only root can modify things.
+ */
+ if (name[0] != '@' &&
+ chmod(name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH) == -1)
+ condlog(3, "failed to set permissions on %s: %s", name, strerror(errno));
+
if (listen(fd, 10) == -1) {
condlog(3, "Couldn't listen to ux_socket, error %d", errno);
close(fd);
--
2.48.1
