Merge pull request #7903 from yuwata/fix-7863
network: create runtime sub-directories after drop_privileges()
commit
52ffb3d2e9
|
@ -53,24 +53,13 @@ int main(int argc, char *argv[]) {
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Always create the directories people can create inotify
|
/* Create runtime directory. This is not necessary when networkd is
|
||||||
* watches in. */
|
* started with "RuntimeDirectory=systemd/netif", or after
|
||||||
|
* systemd-tmpfiles-setup.service. */
|
||||||
r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid, false);
|
r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid, false);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_warning_errno(r, "Could not create runtime directory: %m");
|
log_warning_errno(r, "Could not create runtime directory: %m");
|
||||||
|
|
||||||
r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid, false);
|
|
||||||
if (r < 0)
|
|
||||||
log_warning_errno(r, "Could not create runtime directory 'links': %m");
|
|
||||||
|
|
||||||
r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid, false);
|
|
||||||
if (r < 0)
|
|
||||||
log_warning_errno(r, "Could not create runtime directory 'leases': %m");
|
|
||||||
|
|
||||||
r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid, false);
|
|
||||||
if (r < 0)
|
|
||||||
log_warning_errno(r, "Could not create runtime directory 'lldp': %m");
|
|
||||||
|
|
||||||
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume all
|
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume all
|
||||||
* privileges are already dropped. */
|
* privileges are already dropped. */
|
||||||
if (geteuid() == 0) {
|
if (geteuid() == 0) {
|
||||||
|
@ -83,6 +72,21 @@ int main(int argc, char *argv[]) {
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Always create the directories people can create inotify watches in.
|
||||||
|
* It is necessary to create the following subdirectories after drop_privileges()
|
||||||
|
* to support old kernels not supporting AmbientCapabilities=. */
|
||||||
|
r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid, false);
|
||||||
|
if (r < 0)
|
||||||
|
log_warning_errno(r, "Could not create runtime directory 'links': %m");
|
||||||
|
|
||||||
|
r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid, false);
|
||||||
|
if (r < 0)
|
||||||
|
log_warning_errno(r, "Could not create runtime directory 'leases': %m");
|
||||||
|
|
||||||
|
r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid, false);
|
||||||
|
if (r < 0)
|
||||||
|
log_warning_errno(r, "Could not create runtime directory 'lldp': %m");
|
||||||
|
|
||||||
assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
|
assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
|
||||||
|
|
||||||
r = sd_event_default(&event);
|
r = sd_event_default(&event);
|
||||||
|
|
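Review bot: The three `mkdir_safe_label()` calls that the second hunk places after the privilege drop now depend on `/run/systemd/netif` already existing and being owned by `uid`/`gid`, yet the call that creates it in the first hunk only logs a warning on failure, as do these three. If that parent could not be created or is owned by someone else, the unprivileged calls will presumably fail too, and the daemon carries on without its `links`, `leases` and `lldp` directories. The new comment should state the dependency, for example `/* These run unprivileged and rely on /run/systemd/netif having been created for uid:gid above. */`, and it is worth deciding whether a failure of the parent mkdir should be fatal rather than a warning. main() starts and ends outside both hunks, so whether later code copes with the missing directories cannot be judged from here.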
|
@ -66,6 +66,7 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(errno, "Failed to change file access mode: %m");
|
return log_error_errno(errno, "Failed to change file access mode: %m");
|
||||||
r = fchown(fd, uid, gid);
|
r = fchown(fd, uid, gid);
|
||||||
|
if (r < 0)
|
||||||
return log_error_errno(errno, "Failed to change file owner: %m");
|
return log_error_errno(errno, "Failed to change file owner: %m");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|