This works when testing locally, but fails in ubuntu CI:
Using non-standard run directory '/tmp/sanlock' Running in unprivileged mode uid=1001 gid=1001 lockfile chown error /tmp/sanlock: Operation not permitted
The ownership change is required only when starting as root, to avoid issues with selinux.
Signed-off-by: Nir Soffer nsoffer@redhat.com --- src/lockfile.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/lockfile.c b/src/lockfile.c
index cffaaff..fe15bd0 100644
--- a/src/lockfile.c
+++ b/src/lockfile.c
@@ -40,25 +40,27 @@ int lockfile(const char *dir, const char *name, int uid, int gid)
 * starting as root. */
old_umask = umask(0002); rv = mkdir(dir, 0775); if (rv < 0 && errno != EEXIST) { umask(old_umask); return rv; } umask(old_umask);
- rv = chown(dir, uid, gid);
- if (rv < 0) {
- log_error("lockfile chown error %s: %s",
- dir, strerror(errno));
- return rv;
+ if (geteuid() == 0) {
+ rv = chown(dir, uid, gid);
+ if (rv < 0) {
+ log_error("lockfile chown error %s: %s",
+ dir, strerror(errno));
+ return rv;
+ }
 }
snprintf(path, PATH_MAX, "%s/%s", dir, name);
fd = open(path, O_CREAT|O_WRONLY|O_CLOEXEC, 0644); if (fd < 0) { log_error("lockfile open error %s: %s", path, strerror(errno)); return -1; }
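Review bot: When `geteuid() != 0` the chown is skipped and nothing else in the hunk establishes who owns `dir`: `mkdir` treats `EEXIST` as success, so a pre-existing directory is used as-is and the lockfile is then opened inside it with `O_CREAT`. With a run directory under a world-writable parent, such as the `/tmp/sanlock` named in the commit message, another local user could have created that directory first. I would add an `else` branch that calls `stat()` on `dir` and refuses to continue unless it is a directory owned by the effective uid; whether a directory owned by the configured group should also be accepted is for the maintainers to decide. `lockfile()` starts before and continues past this hunk, so any later check is not visible here.

```c
	if (geteuid() == 0) {
		/* … unchanged: chown(dir, uid, gid) and its error path … */
	} else {
		struct stat st;

		/* Unprivileged: never adopt a run directory created by someone else. */
		rv = stat(dir, &st);
		if (rv < 0 || !S_ISDIR(st.st_mode) || st.st_uid != geteuid()) {
			log_error("lockfile dir %s is not a directory owned by uid %d",
				  dir, (int)geteuid());
			return -1;
		}
	}
```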