[CRIU] [PATCH] log: chown pidfile to criu user
Ruslan Kuprieiev
kupruser at gmail.com
Thu Jan 29 08:00:16 PST 2015
On 01/29/2015 05:48 PM, Pavel Emelyanov wrote:
> On 01/22/2015 06:52 PM, Ruslan Kuprieiev wrote:
>> If criu is run with suid bit set, user should be able
>> to read pidfiles (i.e. service pidfile).
>>
>> Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
>> ---
>> log.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/log.c b/log.c
>> index c6e64da..bbc3828 100644
>> --- a/log.c
>> +++ b/log.c
>> @@ -191,6 +191,12 @@ int write_pidfile(int pid)
>> return -1;
>> }
>>
>> + if (fchown(fd, getuid(), -1)) {
> Why not change the group too?
There is no practical point in doing that, because perms are 600,
but yes, I will fix that so it looks nice.
> And can we make this conditional,
> when the requester is not root.
Sure.
Btw, I forgot about rpc users, so I'll send v2 soon.
Thanks.
>> + pr_perror("Can't chown %s to uid %u", opts.pidfile, getuid());
>> + close(fd);
>> + return -1;
>> + }
>> +
>> dprintf(fd, "%d", pid);
>> close(fd);
>> return 0;
>>
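Review bot: the new fchown() failure branch in write_pidfile() closes fd and returns -1 without removing opts.pidfile, so a failed chown can leave an empty pidfile behind that the invoking user still cannot read; consider an unlink(opts.pidfile) before the return, or decide whether a chown failure should be fatal at all. The call also runs unconditionally and takes its target from getuid(), the real uid of the criu process itself: for a root caller it changes nothing, and when criu is serving RPC requests that uid is the service's own rather than the requester's, so v2 should skip the chown for root and take the uid from the request in the service case. Passing -1 as the group leaves the file's group as it was at creation, which is harmless only while the mode stays 600, so setting it to getgid() keeps owner and group consistent if the mode is ever relaxed.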