提交 9a152d48 编写于 作者: D Daniel P. Berrange

Fix problem writing QEMU pidfile

* src/util.c: Don't drop capabilities until after the PID file has
  been written. Kill off child if writing the PID file fails
* src/qemu_driver.c: Remove bogus trailing '/' in state dir
上级 df3de82c
...@@ -468,7 +468,7 @@ qemudStartup(int privileged) { ...@@ -468,7 +468,7 @@ qemudStartup(int privileged) {
goto out_of_memory; goto out_of_memory;
if (virAsprintf(&qemu_driver->stateDir, if (virAsprintf(&qemu_driver->stateDir,
"%s/run/libvirt/qemu/", LOCAL_STATE_DIR) == -1) "%s/run/libvirt/qemu", LOCAL_STATE_DIR) == -1)
goto out_of_memory; goto out_of_memory;
} else { } else {
uid_t uid = geteuid(); uid_t uid = geteuid();
......
...@@ -513,12 +513,6 @@ __virExec(virConnectPtr conn, ...@@ -513,12 +513,6 @@ __virExec(virConnectPtr conn,
if ((hook)(data) != 0) if ((hook)(data) != 0)
_exit(1); _exit(1);
/* The hook above may need todo something privileged, so
* we delay clearing capabilities until now */
if ((flags & VIR_EXEC_CLEAR_CAPS) &&
virClearCapabilities() < 0)
_exit(1);
/* Daemonize as late as possible, so the parent process can detect /* Daemonize as late as possible, so the parent process can detect
* the above errors with wait* */ * the above errors with wait* */
if (flags & VIR_EXEC_DAEMON) { if (flags & VIR_EXEC_DAEMON) {
...@@ -543,6 +537,9 @@ __virExec(virConnectPtr conn, ...@@ -543,6 +537,9 @@ __virExec(virConnectPtr conn,
if (pid > 0) { if (pid > 0) {
if (pidfile && virFileWritePidPath(pidfile,pid)) { if (pidfile && virFileWritePidPath(pidfile,pid)) {
kill(pid, SIGTERM);
usleep(500*1000);
kill(pid, SIGTERM);
virReportSystemError(conn, errno, virReportSystemError(conn, errno,
"%s", _("could not write pidfile")); "%s", _("could not write pidfile"));
_exit(1); _exit(1);
...@@ -551,6 +548,12 @@ __virExec(virConnectPtr conn, ...@@ -551,6 +548,12 @@ __virExec(virConnectPtr conn,
} }
} }
/* The steps above may need todo something privileged, so
* we delay clearing capabilities until the last minute */
if ((flags & VIR_EXEC_CLEAR_CAPS) &&
virClearCapabilities() < 0)
_exit(1);
if (envp) if (envp)
execve(argv[0], (char **) argv, (char**)envp); execve(argv[0], (char **) argv, (char**)envp);
else else
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册