Commit | Line | Data |
---|---|---|
30fdc9ec | 1 | fixes for settings like owner(), group(), perm() and analogous dir_* if create_dirs=yes |
2 | for destination files | |
3 | - CAP_DAC_OVERRIDE - forces changes if the parent dir has 000 perm, i.e. vservers (is inherited for dir_* too) | |
4 | - CAP_CHOWN - needed if dir_owner() or dir_group() are in use | |
5 | - CAP_FOWNER - to force chmod() for dirs with owner != root | |
6 | ||
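--- a/src/affile.c
+++ b/src/affile.c
@@ -55,15 +55,21 @@ affile_open_file(gchar *name, gint flags
 return FALSE;
 }
 
- if (create_dirs && !create_containing_directory(name, dir_uid, dir_gid, dir_mode))
- return FALSE;
-
 saved_caps = g_process_cap_save();
 if (privileged)
 {
 g_process_cap_modify(CAP_DAC_READ_SEARCH, TRUE);
 g_process_cap_modify(CAP_SYS_ADMIN, TRUE);
 }
+ else
+ g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE);
+
+ if (create_dirs && !create_containing_directory(name, dir_uid, dir_gid, dir_mode))
+ {
+ g_process_cap_restore(saved_caps);
+ return FALSE;
+ }
+
 *fd = -1;
 if (stat(name, &st) >= 0)
 {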
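Review bot: CAP_DAC_OVERRIDE is raised in the new `else` branch for every non-privileged open, whether or not `create_dirs` is set, and nothing in the hunk drops it again before the `stat(name, &st)` that follows, so the rest of affile_open_file (which continues outside the hunk) appears to run with discretionary permission checks bypassed. The commit message needs the capability only for creating directories under a 000-mode parent, so it would be tighter to raise it with `if (create_dirs && !privileged) g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE);` and follow the create_containing_directory() call with `g_process_cap_modify(CAP_DAC_OVERRIDE, FALSE);`. If the open of the destination file itself is also meant to override DAC, a comment stating that intent would help, since the destination path is presumably built from configuration templates and the wider window matters more there. The result of g_process_cap_modify() is also ignored here, so a process whose permitted set lacks the capability would fail later with a plain permission error and no indication of the cause.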
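--- a/src/misc.c
+++ b/src/misc.c
@@ -24,6 +24,7 @@
 #include "misc.h"
 #include "dnscache.h"
 #include "messages.h"
+#include "gprocess.h"
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -352,6 +353,7 @@ create_containing_directory(gchar *name,
 gchar *dirname;
 struct stat st;
 gint rc;
+ cap_t saved_caps;
 
 /* check that the directory exists */
 dirname = g_path_get_dirname(name);
@@ -385,12 +387,16 @@ create_containing_directory(gchar *name,
 {
 if (mkdir(name, (mode_t) dir_mode) == -1)
 return FALSE;
+ saved_caps = g_process_cap_save();
+ g_process_cap_modify(CAP_CHOWN, TRUE);
+ g_process_cap_modify(CAP_FOWNER, TRUE);
 if (dir_uid >= 0)
 chown(name, (uid_t) dir_uid, -1);
 if (dir_gid >= 0)
 chown(name, -1, (gid_t) dir_gid);
 if (dir_mode >= 0)
 chmod(name, (mode_t) dir_mode);
+ g_process_cap_restore(saved_caps);
 }
 *p = '/';
 p = strchr(p + 1, '/');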
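Review bot: The chown() and chmod() calls that now run with CAP_CHOWN and CAP_FOWNER effective (last hunk of create_containing_directory) act on the path `name` rather than on the directory just created, and their results are ignored. Path-based chown()/chmod() follow symlinks, so if a parent directory is writable by a less-privileged user, a component replaced between mkdir() and these calls would have the ownership or mode change applied to the link target; before this change the missing capabilities would have limited that. Opening the new directory with O_DIRECTORY | O_NOFOLLOW and using fchown()/fchmod() on the descriptor closes that window, and checking the results avoids returning success for a directory left with the wrong owner or mode. The sketch below needs a `gint dir_fd` local next to `saved_caps` and assumes the open succeeds under the capabilities the caller has raised; the enclosing loop starts and ends outside the hunk.

```c
          if (mkdir(name, (mode_t) dir_mode) == -1)
            return FALSE;
          /* … unchanged: g_process_cap_save() and the CAP_CHOWN / CAP_FOWNER raises … */
          dir_fd = open(name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
          if (dir_fd == -1 ||
              (dir_uid >= 0 && fchown(dir_fd, (uid_t) dir_uid, -1) == -1) ||
              (dir_gid >= 0 && fchown(dir_fd, -1, (gid_t) dir_gid) == -1) ||
              (dir_mode >= 0 && fchmod(dir_fd, (mode_t) dir_mode) == -1))
            {
              if (dir_fd != -1)
                close(dir_fd);
              g_process_cap_restore(saved_caps);
              return FALSE;
            }
          close(dir_fd);
          g_process_cap_restore(saved_caps);
```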