reset/sanlk_reset.c | 7 ++++++-
reset/sanlk_reset.h | 8 +++++---
reset/sanlk_resetd.c | 15 ++++++++++++++-
3 files changed, 25 insertions(+), 5 deletions(-)
New commits:
commit fde9f54e8181935f32f2db9f6f4a4eea92b0308f
Author: David Teigland <teigland(a)redhat.com>
Date: Mon Aug 11 15:33:55 2014 -0500
sanlk-reset: no args should print help
Signed-off-by: David Teigland <teigland(a)redhat.com>
diff --git a/reset/sanlk_reset.c b/reset/sanlk_reset.c
index cba1542..6bff43e 100644
--- a/reset/sanlk_reset.c
+++ b/reset/sanlk_reset.c
@@ -497,6 +497,11 @@ int main(int argc, char *argv[])
memset(&he, 0, sizeof(he));
+ if (argc < 2) {
+ usage();
+ exit(EXIT_FAILURE);
+ }
+
static struct option long_options[] = {
{"help", no_argument, 0, 'h' },
{"version", no_argument, 0, 'V' },
commit 4d13c379dbb53c1653017065e0de3a9130eec473
Author: Nir Soffer <nsoffer(a)redhat.com>
Date: Mon Aug 11 15:31:38 2014 -0500
sanlk-resetd: Allow only privileged user to modify configuration
Previously sanlk-resetd socket used an abstract namespace, allowing any
user to configure the daemon. Now we use a real filename so accessing
the socket is possible only for privileged user.
Signed-off-by: Nir Soffer <nsoffer(a)redhat.com>
diff --git a/reset/sanlk_reset.c b/reset/sanlk_reset.c
index a69d1e3..cba1542 100644
--- a/reset/sanlk_reset.c
+++ b/reset/sanlk_reset.c
@@ -439,7 +439,7 @@ static int update_local_daemon(char *cmd)
rv = sendto(s, buf, UPDATE_SIZE, 0, (struct sockaddr *)&update_addr,
update_addrlen);
if (rv < 0) {
- printf("Failed to update local sanlk-resetd %d\n", rv);
+ printf("Failed to update local sanlk-resetd: %s\n", strerror(errno));
return rv;
} else {
printf("Updated %s %s\n", cmd, ls_names[i]);
diff --git a/reset/sanlk_reset.h b/reset/sanlk_reset.h
index f386301..8c92c8e 100644
--- a/reset/sanlk_reset.h
+++ b/reset/sanlk_reset.h
@@ -14,7 +14,9 @@
#define EVENT_REBOOT 4
#define EVENT_REBOOTING 8
-#define SANLK_RESETD_PATH "sanlk-resetd"
+#define SANLK_RESETD_RUNDIR "/var/run/sanlk-resetd"
+#define SANLK_RESETD_SOCKET SANLK_RESETD_RUNDIR "/sanlk-resetd.sock"
+#define SANLK_RESETD_SOCKET_MODE (S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP)
#define UPDATE_SIZE 256 /* sendmsg size on unix socket */
@@ -28,8 +30,8 @@ static inline int setup_resetd_socket(void)
memset(&update_addr, 0, sizeof(update_addr));
update_addr.sun_family = AF_LOCAL;
- strcpy(&update_addr.sun_path[1], SANLK_RESETD_PATH);
- update_addrlen = sizeof(sa_family_t) + strlen(update_addr.sun_path+1) + 1;
+ strcpy(update_addr.sun_path, SANLK_RESETD_SOCKET);
+ update_addrlen = sizeof(sa_family_t) + strlen(update_addr.sun_path) + 1;
return s;
}
diff --git a/reset/sanlk_resetd.c b/reset/sanlk_resetd.c
index c9deedb..6e55404 100644
--- a/reset/sanlk_resetd.c
+++ b/reset/sanlk_resetd.c
@@ -446,14 +446,27 @@ static int setup_update(void)
{
int s, rv;
+ rv = mkdir(SANLK_RESETD_RUNDIR, 0755);
+ if (rv < 0 && errno != EEXIST)
+ return rv;
+
s = setup_resetd_socket();
+ unlink(update_addr.sun_path);
rv = bind(s, (struct sockaddr *) &update_addr, update_addrlen);
if (rv < 0)
- return rv;
+ goto fail_close;
+
+ rv = chmod(update_addr.sun_path, SANLK_RESETD_SOCKET_MODE);
+ if (rv < 0)
+ goto fail_close;
update_fd = s;
return 0;
+
+fail_close:
+ close(s);
+ return -1;
}
static void process_update(int fd)
Show replies by date