qemu-pr-helper: Daemonize before dropping privileges

After we've dropped privileges it might be not possible to write pidfile. For instance, if this binary is run as root (because user wants it to write pidfile to some privileged location) writing pidfile fails because privileges are dropped before we even get to that. Signed-off-by: N Michal Privoznik <mprivozn@redhat.com> Signed-off-by: N Paolo Bonzini <pbonzini@redhat.com>

qemu-pr-helper: Daemonize before dropping privileges
After we've dropped privileges it might be not possible to write pidfile. For instance, if this binary is run as root (because user wants it to write pidfile to some privileged location) writing pidfile fails because privileges are dropped before we even get to that. Signed-off-by: N Michal Privoznik <mprivozn@redhat.com> Signed-off-by: N Paolo Bonzini <pbonzini@redhat.com>
8dc0bf26 · Michal Privoznik · Paolo Bonzini · 9f91022f · 8dc0bf26
隐藏空白更改
内联并排

Showing with 7 addition and 7 deletion

scsi/qemu-pr-helper.c scsi/qemu-pr-helper.c +7 -7

未找到文件。
--- a/scsi/qemu-pr-helper.c
+++ b/scsi/qemu-pr-helper.c
@@ -1081,13 +1081,6 @@ int main(int argc, char **argv)
                                         accept_client,
                                         NULL, NULL);

-#ifdef CONFIG_LIBCAP
-    if (drop_privileges() < 0) {
-        error_report("Failed to drop privileges: %s", strerror(errno));
-        exit(EXIT_FAILURE);
-    }
-#endif
-
    if (daemonize) {
        if (daemon(0, 0) < 0) {
            error_report("Failed to daemonize: %s", strerror(errno));
@@ -1096,6 +1089,13 @@ int main(int argc, char **argv)
        write_pidfile();
    }

+#ifdef CONFIG_LIBCAP
+    if (drop_privileges() < 0) {
+        error_report("Failed to drop privileges: %s", strerror(errno));
+        exit(EXIT_FAILURE);
+    }
+#endif
+
    state = RUNNING;
    do {
        main_loop_wait(false);