- details inside

Changed files:
    fix-unix-stream-caps.patch -> 1.1

diff --git a/fix-unix-stream-caps.patch b/fix-unix-stream-caps.patch
new file mode 100644 (file)
index 0000000..63f6b92
--- /dev/null
+++ b/fix-unix-stream-caps.patch
@@ -0,0 +1,39 @@
+fix operations on unix-stream() source
+ - CAP_CHOWN - needed if owner() or group() are in use
+ - CAP_FOWNER - to force chmod() for sockets with owner != root
+   (yes, that enough to switch succession of chown and chmod but who cares)
+ - CAP_DAC_OVERRIDE - force changes if parent dir has 000 perm, ie vservers 
+
+--- syslog-ng-3.0.8/src/afunix.c~      2010-05-05 11:26:57.000000000 +0200
++++ syslog-ng-3.0.8/src/afunix.c       2010-09-29 12:46:13.826955835 +0200
+@@ -24,6 +24,7 @@
+ #include "afunix.h"
+ #include "misc.h"
+ #include "messages.h"
++#include "gprocess.h"
+ 
+ #include <sys/types.h>
+ #include <sys/socket.h>
+@@ -65,9 +65,14 @@ static gboolean
+ afunix_sd_init(LogPipe *s)
+ {
+   AFUnixSourceDriver *self = (AFUnixSourceDriver *) s;
++  cap_t saved_caps;
+   
+   if (afsocket_sd_init(s))
+     {
++      saved_caps = g_process_cap_save();
++      g_process_cap_modify(CAP_CHOWN, TRUE);
++      g_process_cap_modify(CAP_FOWNER, TRUE);
++      g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE);
+       /* change ownership separately, as chgrp may succeed while chown may not */
+       if (self->owner >= 0)
+         chown(self->filename, (uid_t) self->owner, -1);
+@@ -75,6 +79,7 @@ afunix_sd_init(LogPipe *s)
+         chown(self->filename, -1, (gid_t) self->group);
+       if (self->perm >= 0)
+         chmod(self->filename, (mode_t) self->perm);
++      g_process_cap_restore(saved_caps);
+       return TRUE;
+     }
+   return FALSE;