packages: syslog-ng/fix-unix-stream-caps.patch (NEW) - details inside
zbyniu
zbyniu at pld-linux.org
Wed Sep 29 13:51:38 CEST 2010
Author: zbyniu Date: Wed Sep 29 11:51:38 2010 GMT
Module: packages Tag: HEAD
---- Log message:
- details inside
---- Files affected:
packages/syslog-ng:
fix-unix-stream-caps.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/syslog-ng/fix-unix-stream-caps.patch
diff -u /dev/null packages/syslog-ng/fix-unix-stream-caps.patch:1.1
--- /dev/null Wed Sep 29 13:51:38 2010
+++ packages/syslog-ng/fix-unix-stream-caps.patch Wed Sep 29 13:51:33 2010
@@ -0,0 +1,39 @@
+fix operations on unix-stream() source
+ - CAP_CHOWN - needed if owner() or group() are in use
+ - CAP_FOWNER - to force chmod() for sockets with owner != root
+ (yes, that enough to switch succession of chown and chmod but who cares)
+ - CAP_DAC_OVERRIDE - force changes if parent dir has 000 perm, ie vservers
+
+--- syslog-ng-3.0.8/src/afunix.c~ 2010-05-05 11:26:57.000000000 +0200
++++ syslog-ng-3.0.8/src/afunix.c 2010-09-29 12:46:13.826955835 +0200
+@@ -24,6 +24,7 @@
+ #include "afunix.h"
+ #include "misc.h"
+ #include "messages.h"
++#include "gprocess.h"
+
+ #include <sys/types.h>
+ #include <sys/socket.h>
+@@ -65,9 +65,14 @@ static gboolean
+ afunix_sd_init(LogPipe *s)
+ {
+ AFUnixSourceDriver *self = (AFUnixSourceDriver *) s;
++ cap_t saved_caps;
+
+ if (afsocket_sd_init(s))
+ {
++ saved_caps = g_process_cap_save();
++ g_process_cap_modify(CAP_CHOWN, TRUE);
++ g_process_cap_modify(CAP_FOWNER, TRUE);
++ g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE);
+ /* change ownership separately, as chgrp may succeed while chown may not */
+ if (self->owner >= 0)
+ chown(self->filename, (uid_t) self->owner, -1);
+@@ -75,6 +79,7 @@ afunix_sd_init(LogPipe *s)
+ chown(self->filename, -1, (gid_t) self->group);
+ if (self->perm >= 0)
+ chmod(self->filename, (mode_t) self->perm);
++ g_process_cap_restore(saved_caps);
+ return TRUE;
+ }
+ return FALSE;
================================================================
More information about the pld-cvs-commit
mailing list