We bind the socket after dropping privileges so the socket is already owned by the current user and group and there is no need to change ownership.
This works when running in unprivileged mode locally but fails on Ubuntu CI:
Using non-standard run directory '/tmp/sanlock' Running in unprivileged mode uid=1001 gid=1001 sanlock daemon started 3.8.5 host 64b4f365-e153-4e0f-b4bf-c462c37739e7.fv-az41-301 (fv-az41-301) could not set socket /tmp/sanlock/sanlock.sock permissions: Operation not permitted
Signed-off-by: Nir Soffer nsoffer@redhat.com
---
 src/main.c | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/src/main.c b/src/main.c
index f0182b6..3944452 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1385,27 +1385,20 @@ static int setup_listener(void)
unlink(addr.sun_path); rv = bind(fd, (struct sockaddr *) &addr, sizeof(struct sockaddr_un)); if (rv < 0) goto exit_fail;
rv = chmod(addr.sun_path, DEFAULT_SOCKET_MODE); if (rv < 0) goto exit_fail;
- rv = chown(addr.sun_path, com.uid, com.gid);
- if (rv < 0) {
- log_error("could not set socket %s permissions: %s",
- addr.sun_path, strerror(errno));
- goto exit_fail;
- }
-
 rv = listen(fd, 5); if (rv < 0) goto exit_fail;
fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
ci = client_add(fd, process_listener, NULL); if (ci < 0) goto exit_fail;