[sanlock/f17] fix lockfile ownership
David Teigland
teigland at fedoraproject.org
Tue Jul 24 15:37:02 UTC 2012
commit 7b2cf9250d5494aa37e57de42044a6b8ac0ac0e9
Author: David Teigland <teigland at redhat.com>
Date: Tue Jul 24 10:36:41 2012 -0500
fix lockfile ownership
0001-daemon-include-resource.h.patch | 27 ++++++++
0002-daemon-fix-lockfile-ownership.patch | 104 ++++++++++++++++++++++++++++++
sanlock.spec | 13 ++++-
3 files changed, 143 insertions(+), 1 deletions(-)
---
diff --git a/0001-daemon-include-resource.h.patch b/0001-daemon-include-resource.h.patch
new file mode 100644
index 0000000..2b1892f
--- /dev/null
+++ b/0001-daemon-include-resource.h.patch
@@ -0,0 +1,27 @@
+From 9f47804b2e8a0bc822b038427562d3a481c28693 Mon Sep 17 00:00:00 2001
+From: David Teigland <teigland at redhat.com>
+Date: Mon, 23 Jul 2012 10:58:50 -0500
+Subject: [PATCH 1/2] daemon: include resource.h
+
+for rlimits
+
+Signed-off-by: David Teigland <teigland at redhat.com>
+---
+ src/main.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/main.c b/src/main.c
+index d5f4d04..fdf068d 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -32,6 +32,7 @@
+ #include <sys/mman.h>
+ #include <sys/mman.h>
+ #include <sys/utsname.h>
++#include <sys/resource.h>
+ #include <uuid/uuid.h>
+
+ #define EXTERN
+--
+1.7.10.1.362.g242cab3
+
diff --git a/0002-daemon-fix-lockfile-ownership.patch b/0002-daemon-fix-lockfile-ownership.patch
new file mode 100644
index 0000000..0ecaa17
--- /dev/null
+++ b/0002-daemon-fix-lockfile-ownership.patch
@@ -0,0 +1,104 @@
+From a80c4a0d0b3cd1cb9a10fb8b681c48bf639ca9d1 Mon Sep 17 00:00:00 2001
+From: David Teigland <teigland at redhat.com>
+Date: Tue, 24 Jul 2012 09:21:30 -0500
+Subject: [PATCH 2/2] daemon: fix lockfile ownership
+
+make the owner sanlock uid/gid instead of root
+so the daemon continues to have access to it
+after the process drops root privileges.
+
+Signed-off-by: David Teigland <teigland at redhat.com>
+---
+ src/lockfile.c | 18 ++++++++++++++++--
+ src/lockfile.h | 2 +-
+ src/main.c | 8 ++++----
+ 3 files changed, 21 insertions(+), 7 deletions(-)
+
+diff --git a/src/lockfile.c b/src/lockfile.c
+index cd4d4e2..129d956 100644
+--- a/src/lockfile.c
++++ b/src/lockfile.c
+@@ -29,7 +29,7 @@
+ #include "log.h"
+ #include "lockfile.h"
+
+-int lockfile(const char *dir, const char *name)
++int lockfile(const char *dir, const char *name, int uid, int gid)
+ {
+ char path[PATH_MAX];
+ char buf[16];
+@@ -38,13 +38,20 @@ int lockfile(const char *dir, const char *name)
+ int fd, rv;
+
+ old_umask = umask(0022);
+- rv = mkdir(SANLK_RUN_DIR, 0777);
++ rv = mkdir(SANLK_RUN_DIR, 0775);
+ if (rv < 0 && errno != EEXIST) {
+ umask(old_umask);
+ return rv;
+ }
+ umask(old_umask);
+
++ rv = chown(SANLK_RUN_DIR, uid, gid);
++ if (rv < 0) {
++ log_error("lockfile chown error %s: %s",
++ SANLK_RUN_DIR, strerror(errno));
++ return rv;
++ }
++
+ snprintf(path, PATH_MAX, "%s/%s", dir, name);
+
+ fd = open(path, O_CREAT|O_WRONLY|O_CLOEXEC, 0666);
+@@ -83,6 +90,13 @@ int lockfile(const char *dir, const char *name)
+ goto fail;
+ }
+
++ rv = fchown(fd, uid, gid);
++ if (rv < 0) {
++ log_error("lockfile fchown error %s: %s",
++ path, strerror(errno));
++ goto fail;
++ }
++
+ return fd;
+ fail:
+ close(fd);
+diff --git a/src/lockfile.h b/src/lockfile.h
+index 1702d71..57bbcec 100644
+--- a/src/lockfile.h
++++ b/src/lockfile.h
+@@ -9,7 +9,7 @@
+ #ifndef __LOCKFILE_H__
+ #define __LOCKFILE_H__
+
+-int lockfile(const char *dir, const char *name);
++int lockfile(const char *dir, const char *name, int uid, int gid);
+ void unlink_lockfile(int fd, const char *dir, const char *name);
+
+ #endif
+diff --git a/src/main.c b/src/main.c
+index fdf068d..8e39855 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -1558,14 +1558,14 @@ static int do_daemon(void)
+
+ setup_logging();
+
++ fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME, com.uid, com.gid);
++ if (fd < 0)
++ return fd;
++
+ setup_host_name();
+
+ setup_groups();
+
+- fd = lockfile(SANLK_RUN_DIR, SANLK_LOCKFILE_NAME);
+- if (fd < 0)
+- return fd;
+-
+ log_error("sanlock daemon started %s aio %d %d renew %d %d host %s time %llu",
+ RELEASE_VERSION,
+ main_task.use_aio, main_task.io_timeout_seconds,
+--
+1.7.10.1.362.g242cab3
+
diff --git a/sanlock.spec b/sanlock.spec
index 143a49f..3fe7372 100644
--- a/sanlock.spec
+++ b/sanlock.spec
@@ -1,6 +1,6 @@
Name: sanlock
Version: 2.4
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A shared disk lock manager
Group: System Environment/Base
@@ -13,6 +13,9 @@ Requires(pre): /usr/sbin/groupadd
Requires(pre): /usr/sbin/useradd
Source0: https://fedorahosted.org/releases/s/a/sanlock/%{name}-%{version}.tar.gz
+Patch0: 0001-daemon-include-resource.h.patch
+Patch1: 0002-daemon-fix-lockfile-ownership.patch
+
%description
sanlock uses disk paxos to manage leases on shared storage.
Hosts connected to a common SAN can use this to synchronize their
@@ -20,6 +23,8 @@ access to the shared disks.
%prep
%setup -q
+%patch0 -p1 -b .0001-daemon-include-resource.h.patch
+%patch1 -p1 -b .0002-daemon-fix-lockfile-ownership.patch
%build
# upstream does not require configure
@@ -56,6 +61,8 @@ install -Dm 0644 src/logrotate.sanlock \
install -Dm 0644 src/sysconfig.sanlock \
$RPM_BUILD_ROOT/etc/sysconfig/sanlock
+install -Dd -m 775 $RPM_BUILD_ROOT/%{_localstatedir}/run/sanlock
+
%clean
rm -rf $RPM_BUILD_ROOT
@@ -115,6 +122,7 @@ fi
%endif
%{_sbindir}/sanlock
%{_sbindir}/wdmd
+%dir %attr(-,sanlock,sanlock) %{_localstatedir}/run/sanlock
%{_mandir}/man8/wdmd*
%{_mandir}/man8/sanlock*
%config(noreplace) %{_sysconfdir}/logrotate.d/sanlock
@@ -177,6 +185,9 @@ developing applications that use %{name}.
%{_includedir}/sanlock_direct.h
%changelog
+* Tue Jul 24 2012 David Teigland <teigland at redhat.com> - 2.4-2
+- fix lockfile ownership
+
* Mon Jul 23 2012 David Teigland <teigland at redhat.com> - 2.4-1
- Update to sanlock-2.4
More information about the scm-commits
mailing list