From patchwork Tue Apr 3 13:12:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michal Privoznik X-Patchwork-Id: 10321053 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id A64CD60390 for ; Tue, 3 Apr 2018 13:13:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CDADC28B90 for ; Tue, 3 Apr 2018 13:13:30 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C238628BAF; Tue, 3 Apr 2018 13:13:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 7B63F28B90 for ; Tue, 3 Apr 2018 13:13:30 +0000 (UTC) Received: from localhost ([::1]:33525 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f3Lkf-0003T7-NB for patchwork-qemu-devel@patchwork.kernel.org; Tue, 03 Apr 2018 09:13:29 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:48028) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f3Ljh-0002kc-N2 for qemu-devel@nongnu.org; Tue, 03 Apr 2018 09:12:35 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1f3Ljg-0001I5-1E for qemu-devel@nongnu.org; Tue, 03 Apr 2018 09:12:29 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:33390 helo=mx1.redhat.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1f3Ljf-0001Hs-TJ for qemu-devel@nongnu.org; Tue, 03 Apr 2018 09:12:27 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 925E7402314E for ; Tue, 3 Apr 2018 13:12:27 +0000 (UTC) Received: from localhost.localdomain (ovpn-204-54.brq.redhat.com [10.40.204.54]) by smtp.corp.redhat.com (Postfix) with ESMTP id CF7447C3C; Tue, 3 Apr 2018 13:12:26 +0000 (UTC) From: Michal Privoznik To: qemu-devel@nongnu.org Date: Tue, 3 Apr 2018 15:12:14 +0200 Message-Id: <6fe03e3d464c44ed638484ab558a771076d5c11f.1522760575.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Tue, 03 Apr 2018 13:12:27 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Tue, 03 Apr 2018 13:12:27 +0000 (UTC) for IP:'10.11.54.5' DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'mprivozn@redhat.com' RCPT:'' X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 66.187.233.73 Subject: [Qemu-devel] [PATCH 1/2] qemu-pr-helper: Daemonize before dropping privileges X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: pbonzini@redhat.com, famz@redhat.com Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP After we've dropped privileges it might be not possible to write pidfile. For instance, if this binary is run as root (because user wants it to write pidfile to some privileged location) writing pidfile fails because privileges are dropped before we even get to that. Signed-off-by: Michal Privoznik --- scsi/qemu-pr-helper.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/scsi/qemu-pr-helper.c b/scsi/qemu-pr-helper.c index 21e1b8ea60..eeff80acf2 100644 --- a/scsi/qemu-pr-helper.c +++ b/scsi/qemu-pr-helper.c @@ -1081,13 +1081,6 @@ int main(int argc, char **argv) accept_client, NULL, NULL); -#ifdef CONFIG_LIBCAP - if (drop_privileges() < 0) { - error_report("Failed to drop privileges: %s", strerror(errno)); - exit(EXIT_FAILURE); - } -#endif - if (daemonize) { if (daemon(0, 0) < 0) { error_report("Failed to daemonize: %s", strerror(errno)); @@ -1096,6 +1089,13 @@ int main(int argc, char **argv) write_pidfile(); } +#ifdef CONFIG_LIBCAP + if (drop_privileges() < 0) { + error_report("Failed to drop privileges: %s", strerror(errno)); + exit(EXIT_FAILURE); + } +#endif + state = RUNNING; do { main_loop_wait(false);