diff mbox series

[1/2] qemu-pr-helper: Daemonize before dropping privileges

Message ID 6fe03e3d464c44ed638484ab558a771076d5c11f.1522760575.git.mprivozn@redhat.com
State New
Headers show
Series Couple of qemu-pr-helper fixes | expand

Commit Message

Michal Prívozník April 3, 2018, 1:12 p.m. UTC 
After we've dropped privileges it might be not possible to write
pidfile. For instance, if this binary is run as root (because
user wants it to write pidfile to some privileged location)
writing pidfile fails because privileges are dropped before we
even get to that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 scsi/qemu-pr-helper.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff mbox series

Patch

diff --git a/scsi/qemu-pr-helper.c b/scsi/qemu-pr-helper.c
index 21e1b8ea60..eeff80acf2 100644
--- a/scsi/qemu-pr-helper.c
+++ b/scsi/qemu-pr-helper.c
@@ -1081,13 +1081,6 @@  int main(int argc, char **argv)
                                          accept_client,
                                          NULL, NULL);
 
-#ifdef CONFIG_LIBCAP
-    if (drop_privileges() < 0) {
-        error_report("Failed to drop privileges: %s", strerror(errno));
-        exit(EXIT_FAILURE);
-    }
-#endif
-
     if (daemonize) {
         if (daemon(0, 0) < 0) {
             error_report("Failed to daemonize: %s", strerror(errno));
@@ -1096,6 +1089,13 @@  int main(int argc, char **argv)
         write_pidfile();
     }
 
+#ifdef CONFIG_LIBCAP
+    if (drop_privileges() < 0) {
+        error_report("Failed to drop privileges: %s", strerror(errno));
+        exit(EXIT_FAILURE);
+    }
+#endif
+
     state = RUNNING;
     do {
         main_loop_wait(false);