[packages/syslog-ng.git] / fix-unix-stream-caps.patch

fix operations on unix-stream() source
 - CAP_CHOWN - needed if owner() or group() are in use
 - CAP_FOWNER - to force chmod() for sockets with owner != root
   (yes, that enough to switch succession of chown and chmod but who cares)
 - CAP_DAC_OVERRIDE - force changes if parent dir has 000 perm, ie vservers 

--- syslog-ng-3.0.8/src/afunix.c~	2010-05-05 11:26:57.000000000 +0200
+++ syslog-ng-3.0.8/src/afunix.c	2010-09-29 12:46:13.826955835 +0200
@@ -24,6 +24,7 @@
 #include "afunix.h"
 #include "misc.h"
 #include "messages.h"
+#include "gprocess.h"
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -65,9 +65,14 @@ static gboolean
 afunix_sd_init(LogPipe *s)
 {
   AFUnixSourceDriver *self = (AFUnixSourceDriver *) s;
+  cap_t saved_caps;
   
   if (afsocket_sd_init(s))
     {
+      saved_caps = g_process_cap_save();
+      g_process_cap_modify(CAP_CHOWN, TRUE);
+      g_process_cap_modify(CAP_FOWNER, TRUE);
+      g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE);
       /* change ownership separately, as chgrp may succeed while chown may not */
       if (self->owner >= 0)
         chown(self->filename, (uid_t) self->owner, -1);
@@ -75,6 +79,7 @@ afunix_sd_init(LogPipe *s)
         chown(self->filename, -1, (gid_t) self->group);
       if (self->perm >= 0)
         chmod(self->filename, (mode_t) self->perm);
+      g_process_cap_restore(saved_caps);
       return TRUE;
     }
   return FALSE;
Commit	Line	Data
a6d8e415	1	fix operations on unix-stream() source
	2	- CAP_CHOWN - needed if owner() or group() are in use
	3	- CAP_FOWNER - to force chmod() for sockets with owner != root
	4	(yes, that enough to switch succession of chown and chmod but who cares)
	5	- CAP_DAC_OVERRIDE - force changes if parent dir has 000 perm, ie vservers
	6
	7	--- syslog-ng-3.0.8/src/afunix.c~ 2010-05-05 11:26:57.000000000 +0200
	8	+++ syslog-ng-3.0.8/src/afunix.c 2010-09-29 12:46:13.826955835 +0200
	9	@@ -24,6 +24,7 @@
	10	#include "afunix.h"
	11	#include "misc.h"
	12	#include "messages.h"
	13	+#include "gprocess.h"
	14
	15	#include <sys/types.h>
	16	#include <sys/socket.h>
	17	@@ -65,9 +65,14 @@ static gboolean
	18	afunix_sd_init(LogPipe *s)
	19	{
	20	AFUnixSourceDriver self = (AFUnixSourceDriver ) s;
	21	+ cap_t saved_caps;
	22
	23	if (afsocket_sd_init(s))
	24	{
	25	+ saved_caps = g_process_cap_save();
	26	+ g_process_cap_modify(CAP_CHOWN, TRUE);
	27	+ g_process_cap_modify(CAP_FOWNER, TRUE);
	28	+ g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE);
	29	/* change ownership separately, as chgrp may succeed while chown may not */
	30	if (self->owner >= 0)
	31	chown(self->filename, (uid_t) self->owner, -1);
	32	@@ -75,6 +79,7 @@ afunix_sd_init(LogPipe *s)
	33	chown(self->filename, -1, (gid_t) self->group);
	34	if (self->perm >= 0)
	35	chmod(self->filename, (mode_t) self->perm);
	36	+ g_process_cap_restore(saved_caps);
	37	return TRUE;
	38	}
	39	return FALSE;