af09f3d lockfile: Keep lockfile owned by root

2 files. Authored by nsoffer 5 years ago, committed by teigland 5 years ago.
    lockfile: Keep lockfile owned by root
    
    On Fedora 28, sanlock fails to create the lockfile before dropping
    privileges, because /run/sanlock is owned by sanlock, and selinux
    disables DAC_OVERRIDE.
    
    To allow root to create the lockfile before dropping privileges,
    /run/sanlock is owned by group root, and group writable.  Since sanlock
    never writes to the lockfile after dropping privileges, keep the lockfile
    owned by root.
    
    Here are /run/sanlock permissions with this change:
    
    $ ls -lhdZ /run/sanlock
    drwxrwxr-x. 2 sanlock root system_u:object_r:sanlock_var_run_t:s0 80 Nov 29 23:07 /run/sanlock
    
    $ ls -lhZ /run/sanlock
    total 4.0K
    -rw-r--r--. 1 root    root    system_u:object_r:sanlock_var_run_t:s0 5 Nov 29 23:07 sanlock.pid
    srw-rw----. 1 sanlock sanlock system_u:object_r:sanlock_var_run_t:s0 0 Nov 29 23:07 sanlock.sock
    
    Signed-off-by: Nir Soffer <nsoffer@redhat.com>
    
        
file modified
+4 -8
file modified
+5 -1
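
The permission reasoning in the commit message, modelled as an added example (not code from sanlock or from this commit). It evaluates classic Unix owner/group/other bits for a root process with and without DAC_OVERRIDE; the numeric sanlock id, the "before" directory group and the single-gid credential are assumptions, and ACLs and SELinux type rules are not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed ids for illustration; the real sanlock uid/gid is not on the page. */
enum { ROOT_ID = 0, SANLOCK_ID = 1000 };

/* Simplified credential: one gid, no supplementary groups (assumption). */
struct cred { uid_t uid; gid_t gid; bool cap_dac_override; };
struct attr { uid_t owner; gid_t group; mode_t mode; };

/* Classic Unix DAC: exactly one class applies (owner, else group, else other). */
static unsigned dac_bits(const struct cred *c, const struct attr *a)
{
    if (c->uid == a->owner) return (a->mode >> 6) & 7;
    if (c->gid == a->group) return (a->mode >> 3) & 7;
    return a->mode & 7;
}

/* Creating a file needs write (2) and search (1) on the directory. */
static bool can_create(const struct cred *c, const struct attr *dir)
{
    return c->cap_dac_override || (dac_bits(c, dir) & 3) == 3;
}

/* Root creating sanlock.pid in a directory owned by the sanlock user. */
bool root_can_create_lockfile(gid_t dir_group, mode_t dir_mode, bool cap)
{
    struct cred root = { ROOT_ID, ROOT_ID, cap };
    struct attr dir = { SANLOCK_ID, dir_group, dir_mode };
    return can_create(&root, &dir);
}

/* After dropping privileges: can the sanlock user write a root:root 0644 lockfile? */
bool sanlock_can_write_lockfile(void)
{
    struct cred sanlock = { SANLOCK_ID, SANLOCK_ID, false };
    struct attr pidfile = { ROOT_ID, ROOT_ID, 0644 };
    return (dac_bits(&sanlock, &pidfile) & 2) != 0;
}

int main(void)
{
    printf("dir group sanlock, no DAC_OVERRIDE: %d\n", root_can_create_lockfile(SANLOCK_ID, 0775, false));
    printf("dir group root 0775, no DAC_OVERRIDE: %d\n", root_can_create_lockfile(ROOT_ID, 0775, false));
    printf("sanlock can write lockfile: %d\n", sanlock_can_write_lockfile());
    return 0;
}
```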