提交 7ca954cf 编写于 作者: J Jim Meyering

libvirtd: do not ignore failure to set group ID in privileged mode

* daemon/libvirtd.c (qemudListenUnix): Diagnose and fail upon
failure to set or restore group-ID.
上级 1204e41f
...@@ -560,8 +560,10 @@ static int qemudListenUnix(struct qemud_server *server, ...@@ -560,8 +560,10 @@ static int qemudListenUnix(struct qemud_server *server,
oldgrp = getgid(); oldgrp = getgid();
oldmask = umask(readonly ? ~unix_sock_ro_mask : ~unix_sock_rw_mask); oldmask = umask(readonly ? ~unix_sock_ro_mask : ~unix_sock_rw_mask);
if (server->privileged) if (server->privileged && setgid(unix_sock_gid)) {
setgid(unix_sock_gid); VIR_ERROR(_("Failed to set group ID to %d"), unix_sock_gid);
goto cleanup;
}
if (bind(sock->fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { if (bind(sock->fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
VIR_ERROR(_("Failed to bind socket to '%s': %s"), VIR_ERROR(_("Failed to bind socket to '%s': %s"),
...@@ -569,8 +571,10 @@ static int qemudListenUnix(struct qemud_server *server, ...@@ -569,8 +571,10 @@ static int qemudListenUnix(struct qemud_server *server,
goto cleanup; goto cleanup;
} }
umask(oldmask); umask(oldmask);
if (server->privileged) if (server->privileged && setgid(oldgrp)) {
setgid(oldgrp); VIR_ERROR(_("Failed to restore group ID to %d"), oldgrp);
goto cleanup;
}
if (listen(sock->fd, 30) < 0) { if (listen(sock->fd, 30) < 0) {
VIR_ERROR(_("Failed to listen for connections on '%s': %s"), VIR_ERROR(_("Failed to listen for connections on '%s': %s"),
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册