[CRIU] [PATCH] log: chown pidfile to criu user
Pavel Emelyanov
xemul at parallels.com
Thu Jan 29 07:48:49 PST 2015
On 01/22/2015 06:52 PM, Ruslan Kuprieiev wrote:
> If criu is run with the suid bit set, the user should be able
> to read pidfiles (i.e. service pidfile).
>
> Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
> ---
> log.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/log.c b/log.c
> index c6e64da..bbc3828 100644
> --- a/log.c
> +++ b/log.c
> @@ -191,6 +191,12 @@ int write_pidfile(int pid)
> return -1;
> }
>
> + if (fchown(fd, getuid(), -1)) {
Why not change the group too? And can we make this conditional,
when the requester is not root.
> + pr_perror("Can't chown %s to uid %u", opts.pidfile, getuid());
> + close(fd);
> + return -1;
> + }
> +
> dprintf(fd, "%d", pid);
> close(fd);
> return 0;
>
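Review bot: the added fchown(fd, getuid(), -1) call gives the real uid ownership of whatever file fd refers to, so for a suid criu the open of opts.pidfile (above this hunk, not visible here) should be checked to confirm that it creates a fresh file (O_CREAT | O_EXCL, no symlink following). Otherwise a file that already exists at that path ends up owned by the caller. The new error path also does close(fd) and return -1 without removing the pidfile, so a failed chown leaves an empty file behind; unlinking it there would keep the failure clean. The return value of the following dprintf(fd, "%d", pid) is still unchecked, so a short or failed write is reported as success.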