[pve-devel] applied: [PATCH cluster] pmxcfs: allow read access for www-data to /run dir
Thomas Lamprecht
t.lamprecht at proxmox.com
Thu Apr 11 07:52:40 CEST 2019
There's no real sensible information here, and we naturally only
allow read, but no write/exec.
This makes our IPCC restart connection re-caching heuristic also work
for processes run as www-data, e.g., pveproxy, and thus guarantee a
more seamless pmxcfs restart - e.g., for package updates.
Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
data/src/pmxcfs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/data/src/pmxcfs.c b/data/src/pmxcfs.c
index 2e78fdf..7399182 100644
--- a/data/src/pmxcfs.c
+++ b/data/src/pmxcfs.c
@@ -863,6 +863,7 @@ int main(int argc, char *argv[])
mkdir(VARLIBDIR, 0755);
mkdir(RUNDIR, 0755);
+ chown(RUNDIR, 0, cfs.gid);
if ((lockfd = open(LOCKFILE, O_RDWR|O_CREAT|O_APPEND, 0600)) == -1) {
cfs_critical("unable to create lock '%s': %s", LOCKFILE, strerror (errno));
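Review bot: the added chown(RUNDIR, 0, cfs.gid) directly after mkdir(RUNDIR, 0755) ignores its return value, so a failure leaves the directory with its previous group and nothing in the log explains why processes in that group cannot read it. Check the result and report it the way the LOCKFILE open failure just below is reported, with cfs_critical and strerror(errno). The two mkdir calls above are unchecked as well, and when RUNDIR already exists the 0755 mode is not applied, so the chown then acts on whatever mode the existing directory carries; an explicit chmod would make the intended group read and traverse bits certain.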
@@ -1053,7 +1054,8 @@ int main(int argc, char *argv[])
ret = fuse_loop_mt(fuse);
- open(RESTART_FLAG_FILE, O_CREAT|O_NOCTTY|O_NONBLOCK);
+ open(RESTART_FLAG_FILE, O_CREAT|O_NOCTTY|O_NONBLOCK, S_IRUSR | S_IRGRP);
+ chown(RESTART_FLAG_FILE, 0, cfs.gid);
cfs_message("teardown filesystem");
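Review bot: on the two added lines after fuse_loop_mt(fuse), the descriptor returned by open(RESTART_FLAG_FILE, ...) is discarded and the ownership change is then made by path with chown(RESTART_FLAG_FILE, 0, cfs.gid), with neither return value checked. Keep the descriptor, call fchown on it and close it, so the group is set on the file that was just opened rather than on whatever the path resolves to afterwards, and log a failure with cfs_message. The S_IRUSR | S_IRGRP mode only takes effect when the file is created and is subject to the umask; if a flag file from an earlier run is still present its old mode stays, so an fchmod on the descriptor would make the group read bit reliable.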
--
2.20.1