Commit | Line | Data |
---|---|---|
a6d8e415 | 1 | fix operations on unix-stream() source |
2 | - CAP_CHOWN - needed if owner() or group() are in use | |
3 | - CAP_FOWNER - to force chmod() for sockets with owner != root | |
4 | (yes, swapping the order of chown and chmod would be enough, but who cares) | |
5 | - CAP_DAC_OVERRIDE - force changes if parent dir has 000 perm, ie vservers | |
6 | ||
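--- a/syslog-ng-3.0.8/src/afunix.c
+++ b/syslog-ng-3.0.8/src/afunix.c
@@ -24,6 +24,7 @@
 #include "afunix.h"
 #include "misc.h"
 #include "messages.h"
+#include "gprocess.h"
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -65,9 +65,14 @@ static gboolean
 afunix_sd_init(LogPipe *s)
 {
 AFUnixSourceDriver *self = (AFUnixSourceDriver *) s;
+ cap_t saved_caps;
 
 if (afsocket_sd_init(s))
 {
+ saved_caps = g_process_cap_save();
+ g_process_cap_modify(CAP_CHOWN, TRUE);
+ g_process_cap_modify(CAP_FOWNER, TRUE);
+ g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE);
 /* change ownership separately, as chgrp may succeed while chown may not */
 if (self->owner >= 0)
 chown(self->filename, (uid_t) self->owner, -1);
@@ -75,6 +79,7 @@ afunix_sd_init(LogPipe *s)
 chown(self->filename, -1, (gid_t) self->group);
 if (self->perm >= 0)
 chmod(self->filename, (mode_t) self->perm);
+ g_process_cap_restore(saved_caps);
 return TRUE;
 }
 return FALSE;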
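Review bot: In the block after `afsocket_sd_init(s)`, all three capabilities are raised unconditionally around path-based `chown()`/`chmod()` calls whose return values are discarded. The process therefore holds CAP_DAC_OVERRIDE even when no owner or permission option is set, and a failed ownership or mode change on the socket goes unreported. Raise each capability only under the option that needs it, e.g. `if (self->perm >= 0) g_process_cap_modify(CAP_FOWNER, TRUE);`, and check each call, e.g. `if (chown(self->filename, (uid_t) self->owner, -1) < 0)` followed by a logged error. As the description itself concedes, running `chmod()` before the `chown()` calls would make CAP_FOWNER unnecessary, which is the least-privilege choice. Because `chown()` and `chmod()` follow symlinks and `self->filename` is resolved again after the socket is bound, the parent directory should not be writable by less-privileged users while these capabilities are effective; the function's closing brace lies outside the last hunk.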