1 fixes for settings like owner(), group(), perm() and analogous dir_* if create_dirs=yes
3 - CAP_DAC_OVERRIDE - forces changes if the parent dir has 000 perm, i.e. vservers (is inherited for dir_* too)
4 - CAP_CHOWN - needed if dir_owner() or dir_group() are in use
5 - CAP_FOWNER - to force chmod() for dirs with owner != root
7 diff -upr syslog-ng-3.0.8./src/affile.c syslog-ng-3.0.8/src/affile.c
8 --- syslog-ng-3.0.8./src/affile.c 2010-05-05 10:32:49.000000000 +0200
9 +++ syslog-ng-3.0.8/src/affile.c 2010-10-08 16:23:41.319089286 +0200
10 @@ -55,15 +55,21 @@ affile_open_file(gchar *name, gint flags
14 - if (create_dirs && !create_containing_directory(name, dir_uid, dir_gid, dir_mode))
17 saved_caps = g_process_cap_save();
20 g_process_cap_modify(CAP_DAC_READ_SEARCH, TRUE);
21 g_process_cap_modify(CAP_SYS_ADMIN, TRUE);
24 + g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE);
26 + if (create_dirs && !create_containing_directory(name, dir_uid, dir_gid, dir_mode))
28 + g_process_cap_restore(saved_caps);
33 if (stat(name, &st) >= 0)
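Review bot: `g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE)` is raised before create_containing_directory() and, in the visible lines, is restored only on the failure path, so the `stat(name, &st)` that follows and whatever comes after it run with write-permission checks bypassed as well. The description needs this capability only for creating directories under a parent with mode 000; dropping it again right after the directory step, `g_process_cap_modify(CAP_DAC_OVERRIDE, FALSE);`, keeps the file open itself subject to normal permission checks. If the later open is also meant to bypass them, a comment should say so. The rest of affile_open_file, including its final restore, lies outside the hunk.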
35 diff -upr syslog-ng-3.0.8./src/misc.c syslog-ng-3.0.8/src/misc.c
36 --- syslog-ng-3.0.8./src/misc.c 2010-05-05 11:26:00.000000000 +0200
37 +++ syslog-ng-3.0.8/src/misc.c 2010-10-08 16:23:41.319089286 +0200
42 +#include "gprocess.h"
44 #include <sys/types.h>
45 #include <sys/socket.h>
46 @@ -352,6 +353,7 @@ create_containing_directory(gchar *name,
52 /* check that the directory exists */
53 dirname = g_path_get_dirname(name);
54 @@ -385,12 +387,16 @@ create_containing_directory(gchar *name,
56 if (mkdir(name, (mode_t) dir_mode) == -1)
58 + saved_caps = g_process_cap_save();
59 + g_process_cap_modify(CAP_CHOWN, TRUE);
60 + g_process_cap_modify(CAP_FOWNER, TRUE);
62 chown(name, (uid_t) dir_uid, -1);
64 chown(name, -1, (gid_t) dir_gid);
66 chmod(name, (mode_t) dir_mode);
67 + g_process_cap_restore(saved_caps);
70 p = strchr(p + 1, '/');
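Review bot: The calls that follow the capability raise, `chown(name, ...)` twice and `chmod(name, ...)`, ignore their return values, so a directory that could not be given its dir_owner()/dir_group()/dir_perm() settings is still used with whatever mkdir() and the umask produced. With CAP_CHOWN and CAP_FOWNER raised, these path-based calls also act on whatever `name` resolves to at that moment. Where a parent directory may be writable by another user, the safer form is to open the new directory with `O_DIRECTORY | O_NOFOLLOW` and apply `fchown()`/`fchmod()` to the descriptor. At minimum each result should be checked, e.g. `if (chmod(name, (mode_t) dir_mode) < 0) { g_process_cap_restore(saved_caps); return FALSE; }`. The loop in create_containing_directory starts and ends outside the hunk.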