[pdm-devel] [PATCH proxmox-datacenter-manager] privileged api daemon: call fchownat with AT_SYMLINK_NOFOLLOW
Lukas Wagner
l.wagner at proxmox.com
Thu Aug 7 14:37:12 CEST 2025
AT_SYMLINK_FOLLOW makes the fchownat call fail with EINVAL, which
prevents daemon startup altogether. The only supported flag for
fchownat is AT_SYMLINK_NOFOLLOW [1]. If one actually wanted to
follow a symlink here, one would have to pass no flag at all.
The socket path which is fchownat'd here should not be a symlink at all,
so the safer option should be to pass AT_SYMLINK_NOFOLLOW.
[1] https://linux.die.net/man/2/fchownat
Signed-off-by: Lukas Wagner <l.wagner at proxmox.com>
---
server/src/bin/proxmox-datacenter-privileged-api.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/src/bin/proxmox-datacenter-privileged-api.rs b/server/src/bin/proxmox-datacenter-privileged-api.rs
index b62f4ea2..bcab882f 100644
--- a/server/src/bin/proxmox-datacenter-privileged-api.rs
+++ b/server/src/bin/proxmox-datacenter-privileged-api.rs
@@ -166,7 +166,7 @@ async fn run() -> Result<(), Error> {
sockpath,
None,
Some(api_user.gid),
- AtFlags::AT_SYMLINK_FOLLOW,
+ AtFlags::AT_SYMLINK_NOFOLLOW,
)
.map_err(|err| {
format_err!("unable to set ownership for api socket '{sockpath}' - {err}")
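Review bot: at the flag argument, AT_SYMLINK_NOFOLLOW means the call no longer fails if sockpath is a symlink; it changes the group of the link itself (lchown semantics) and returns success, so the daemon would start with the real socket's group untouched and nothing logged. The commit message says the path should never be a symlink, so I would put that assumption in a short comment next to `AtFlags::AT_SYMLINK_NOFOLLOW,` and consider checking that sockpath is actually a socket before the chown, so that a symlink ends up in the existing "unable to set ownership for api socket" error path instead of passing silently.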
--
2.47.2