packages: syslog-ng/fix-unix-stream-caps.patch (NEW) - details inside

zbyniu zbyniu at pld-linux.org
Wed Sep 29 13:51:38 CEST 2010


Author: zbyniu                       Date: Wed Sep 29 11:51:38 2010 GMT
Module: packages                      Tag: HEAD
---- Log message:
- details inside

---- Files affected:
packages/syslog-ng:
   fix-unix-stream-caps.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/syslog-ng/fix-unix-stream-caps.patch
diff -u /dev/null packages/syslog-ng/fix-unix-stream-caps.patch:1.1
--- /dev/null	Wed Sep 29 13:51:38 2010
+++ packages/syslog-ng/fix-unix-stream-caps.patch	Wed Sep 29 13:51:33 2010
@@ -0,0 +1,39 @@
+fix operations on unix-stream() source
+ - CAP_CHOWN - needed if owner() or group() are in use
+ - CAP_FOWNER - to force chmod() for sockets with owner != root
+   (yes, that enough to switch succession of chown and chmod but who cares)
+ - CAP_DAC_OVERRIDE - force changes if parent dir has 000 perm, ie vservers 
+
+--- syslog-ng-3.0.8/src/afunix.c~	2010-05-05 11:26:57.000000000 +0200
++++ syslog-ng-3.0.8/src/afunix.c	2010-09-29 12:46:13.826955835 +0200
+@@ -24,6 +24,7 @@
+ #include "afunix.h"
+ #include "misc.h"
+ #include "messages.h"
++#include "gprocess.h"
+ 
+ #include <sys/types.h>
+ #include <sys/socket.h>
+@@ -65,9 +65,14 @@ static gboolean
+ afunix_sd_init(LogPipe *s)
+ {
+   AFUnixSourceDriver *self = (AFUnixSourceDriver *) s;
++  cap_t saved_caps;
+   
+   if (afsocket_sd_init(s))
+     {
++      saved_caps = g_process_cap_save();
++      g_process_cap_modify(CAP_CHOWN, TRUE);
++      g_process_cap_modify(CAP_FOWNER, TRUE);
++      g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE);
+       /* change ownership separately, as chgrp may succeed while chown may not */
+       if (self->owner >= 0)
+         chown(self->filename, (uid_t) self->owner, -1);
+@@ -75,6 +79,7 @@ afunix_sd_init(LogPipe *s)
+         chown(self->filename, -1, (gid_t) self->group);
+       if (self->perm >= 0)
+         chmod(self->filename, (mode_t) self->perm);
++      g_process_cap_restore(saved_caps);
+       return TRUE;
+     }
+   return FALSE;
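Review bot: In afunix_sd_init the three capabilities are raised unconditionally as soon as `afsocket_sd_init(s)` succeeds, even when `owner`, `group` and `perm` are all negative and no chown()/chmod() call runs. I would raise each one only in the branch that needs it, for example `if (self->owner >= 0 || self->group >= 0) g_process_cap_modify(CAP_CHOWN, TRUE);`, and enable CAP_FOWNER only under `if (self->perm >= 0)`. The return values of chown() and chmod() are still discarded, so a failure stays silent even with CAP_DAC_OVERRIDE in effect; checking them and logging `self->filename` with errno on a non-zero result would make a misconfigured socket visible. These calls also act on the path rather than on the bound socket, so while the extra capabilities are held they should only be used where the socket directory is not writable by unprivileged users, and a short comment saying so above the block would help. The function body continues past the end of the embedded hunk.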
================================================================

