[packages/syslog-ng.git] / fix-dac_override.patch

fixes for settings like owner(), group(), perm() and analogous dir_* if create_dirs=yes
for destination files
 - CAP_DAC_OVERRIDE force changes if parent dir has 000 perm, ie vservers (is inerhitted for dir_* too)
 - CAP_CHOWN - needed if dir_owner() or dir_group() are in use
 - CAP_FOWNER - to force chmod() for dirs with owner != root

diff -upr syslog-ng-3.0.8./src/affile.c syslog-ng-3.0.8/src/affile.c
--- syslog-ng-3.0.8./src/affile.c	2010-05-05 10:32:49.000000000 +0200
+++ syslog-ng-3.0.8/src/affile.c	2010-10-08 16:23:41.319089286 +0200
@@ -55,15 +55,21 @@ affile_open_file(gchar *name, gint flags
       return FALSE;
     }
 
-  if (create_dirs && !create_containing_directory(name, dir_uid, dir_gid, dir_mode))
-    return FALSE;
-
   saved_caps = g_process_cap_save();
   if (privileged)
     {
       g_process_cap_modify(CAP_DAC_READ_SEARCH, TRUE);
       g_process_cap_modify(CAP_SYS_ADMIN, TRUE);
     }
+  else
+      g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE);
+
+  if (create_dirs && !create_containing_directory(name, dir_uid, dir_gid, dir_mode))
+    {
+      g_process_cap_restore(saved_caps);
+      return FALSE;
+    }
+
   *fd = -1;
   if (stat(name, &st) >= 0)
     {
diff -upr syslog-ng-3.0.8./src/misc.c syslog-ng-3.0.8/src/misc.c
--- syslog-ng-3.0.8./src/misc.c	2010-05-05 11:26:00.000000000 +0200
+++ syslog-ng-3.0.8/src/misc.c	2010-10-08 16:23:41.319089286 +0200
@@ -24,6 +24,7 @@
 #include "misc.h"
 #include "dnscache.h"
 #include "messages.h"
+#include "gprocess.h"
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -352,6 +353,7 @@ create_containing_directory(gchar *name,
   gchar *dirname;
   struct stat st;
   gint rc;
+  cap_t saved_caps;
   
   /* check that the directory exists */
   dirname = g_path_get_dirname(name);
@@ -385,12 +387,16 @@ create_containing_directory(gchar *name,
         {
           if (mkdir(name, (mode_t) dir_mode) == -1)
             return FALSE;
+	  saved_caps = g_process_cap_save();
+	  g_process_cap_modify(CAP_CHOWN, TRUE);
+	  g_process_cap_modify(CAP_FOWNER, TRUE);
           if (dir_uid >= 0)
             chown(name, (uid_t) dir_uid, -1);
           if (dir_gid >= 0)
             chown(name, -1, (gid_t) dir_gid);
           if (dir_mode >= 0)
             chmod(name, (mode_t) dir_mode);
+	  g_process_cap_restore(saved_caps);
         }
       *p = '/';
       p = strchr(p + 1, '/');
Commit	Line	Data
30fdc9ec	1	fixes for settings like owner(), group(), perm() and analogous dir_* if create_dirs=yes
	2	for destination files
	3	- CAP_DAC_OVERRIDE force changes if parent dir has 000 perm, ie vservers (is inerhitted for dir_* too)
	4	- CAP_CHOWN - needed if dir_owner() or dir_group() are in use
	5	- CAP_FOWNER - to force chmod() for dirs with owner != root
	6
	7	diff -upr syslog-ng-3.0.8./src/affile.c syslog-ng-3.0.8/src/affile.c
	8	--- syslog-ng-3.0.8./src/affile.c 2010-05-05 10:32:49.000000000 +0200
	9	+++ syslog-ng-3.0.8/src/affile.c 2010-10-08 16:23:41.319089286 +0200
	10	@@ -55,15 +55,21 @@ affile_open_file(gchar *name, gint flags
	11	return FALSE;
	12	}
	13
	14	- if (create_dirs && !create_containing_directory(name, dir_uid, dir_gid, dir_mode))
	15	- return FALSE;
	16	-
	17	saved_caps = g_process_cap_save();
	18	if (privileged)
	19	{
	20	g_process_cap_modify(CAP_DAC_READ_SEARCH, TRUE);
	21	g_process_cap_modify(CAP_SYS_ADMIN, TRUE);
	22	}
	23	+ else
	24	+ g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE);
	25	+
	26	+ if (create_dirs && !create_containing_directory(name, dir_uid, dir_gid, dir_mode))
	27	+ {
	28	+ g_process_cap_restore(saved_caps);
	29	+ return FALSE;
	30	+ }
	31	+
	32	*fd = -1;
	33	if (stat(name, &st) >= 0)
	34	{
	35	diff -upr syslog-ng-3.0.8./src/misc.c syslog-ng-3.0.8/src/misc.c
	36	--- syslog-ng-3.0.8./src/misc.c 2010-05-05 11:26:00.000000000 +0200
	37	+++ syslog-ng-3.0.8/src/misc.c 2010-10-08 16:23:41.319089286 +0200
	38	@@ -24,6 +24,7 @@
	39	#include "misc.h"
	40	#include "dnscache.h"
	41	#include "messages.h"
	42	+#include "gprocess.h"
	43
	44	#include <sys/types.h>
	45	#include <sys/socket.h>
	46	@@ -352,6 +353,7 @@ create_containing_directory(gchar *name,
	47	gchar *dirname;
	48	struct stat st;
	49	gint rc;
	50	+ cap_t saved_caps;
	51
	52	/* check that the directory exists */
	53	dirname = g_path_get_dirname(name);
	54	@@ -385,12 +387,16 @@ create_containing_directory(gchar *name,
	55	{
	56	if (mkdir(name, (mode_t) dir_mode) == -1)
	57	return FALSE;
	58	+ saved_caps = g_process_cap_save();
	59	+ g_process_cap_modify(CAP_CHOWN, TRUE);
	60	+ g_process_cap_modify(CAP_FOWNER, TRUE);
	61	if (dir_uid >= 0)
	62	chown(name, (uid_t) dir_uid, -1);
	63	if (dir_gid >= 0)
	64	chown(name, -1, (gid_t) dir_gid);
65	if (dir_mode >= 0)
66	chmod(name, (mode_t) dir_mode);
67	+ g_process_cap_restore(saved_caps);
68	}
69	*p = '/';
70	p = strchr(p + 1, '/');