From patchwork Fri Apr 6 17:11:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 895797 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="HYTxnBYb"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40HmrM3ZJRz9s0y for ; Sat, 7 Apr 2018 03:28:35 +1000 (AEST) Received: from localhost ([::1]:41094 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f4VA9-0005zc-E5 for incoming@patchwork.ozlabs.org; Fri, 06 Apr 2018 13:28:33 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36427) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f4Utu-0007zv-L5 for qemu-devel@nongnu.org; Fri, 06 Apr 2018 13:11:47 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1f4Utt-0007s8-RK for qemu-devel@nongnu.org; Fri, 06 Apr 2018 13:11:46 -0400 Received: from mail-wm0-x244.google.com ([2a00:1450:400c:c09::244]:33909) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1f4Utt-0007qi-KC for qemu-devel@nongnu.org; Fri, 06 Apr 2018 13:11:45 -0400 Received: by mail-wm0-x244.google.com with SMTP id w2so8775092wmw.1 for ; Fri, 06 Apr 2018 10:11:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=JXIABkhXddAYxmZwUnlKOvkmXwJdVrIGloDkgSG0iWg=; b=HYTxnBYbuei1rSB3HFtUr/MXBxQ65L1eEoTg5ucKd2VaX+Vs6pZb48qgiqWIWv1VtJ oGNssn+/kSwG3xm76mUr+NjJcCp/Dy6c4lfp91/Shi58VMf9fnlM4mIncgevw4q2NUnG WD+0VkT6NLN9O3ytacN9REX6r6EqRDSjFRw7mQDEsx6dC0sZC+Li7q/S4GmbJzwJX2RH X6r3cyj2e+xcRGG0aOuDCEpb0rbfPrXNMyKpsyPDiAkLlfI3SBz/2L1Hr1LsKKPlQs0a 2tWgZ+Tp2y/X27qUUctgWaV9n2fHAkBfsCMmDyySOYQN/Rrhb1qUIm5yh89vTLUtKRr5 f7YA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=JXIABkhXddAYxmZwUnlKOvkmXwJdVrIGloDkgSG0iWg=; b=l4KyD6uJiL6vx4b81xdm98ADCNMsO0Y3smdMt1og6QQHKHDfPkwi4/oxEjuxvWr0U9 4V8GC4e33WeBADkNQrBDSVAL+eGLaS7BQRL7LvcUpg2WpMFiB+Mgo5rOOIRX+Go1UC2l ScPvKinaMpvqZIvNyspDjoP9A2X7u+agAtGqWBQJzbJP8xYVMWVo9HN8XTNfbgfUXDaf CATSQxeXahRCujtGAkOZ1oa2yxOFjEvarbup3QaYImGZkd9+X3dVBaPyEPi5oX52u7p6 1mstwBo2JPc8jikY0CBWF2miOY73Lxdo0KKu0nH+w/lJrwtd+xJNwtIIMfOs1C1l4yBP 5kCw== X-Gm-Message-State: AElRT7HGEWh0q0mpvE9wne8+nLeZhSsVdlmkWAOq8QBjlW11I45TEF1G g8bJCT95+fBbqiX19OoAOudRbwhK X-Google-Smtp-Source: AIpwx48gH4Iyest4lrtxd3XBKFpW4PLL4TzN0UPC0sPr2E60a3qGDM/tyaVhMLEhQy1nM2L9e+KsjA== X-Received: by 10.28.15.83 with SMTP id 80mr13765527wmp.151.1523034704285; Fri, 06 Apr 2018 10:11:44 -0700 (PDT) Received: from 640k.lan (94-36-194-48.adsl-ull.clienti.tiscali.it. [94.36.194.48]) by smtp.gmail.com with ESMTPSA id 24sm16286180wrt.60.2018.04.06.10.11.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 06 Apr 2018 10:11:43 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Fri, 6 Apr 2018 19:11:16 +0200 Message-Id: <1523034681-33787-16-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1523034681-33787-1-git-send-email-pbonzini@redhat.com> References: <1523034681-33787-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c09::244 Subject: [Qemu-devel] [PULL 15/20] qemu-pr-helper: Daemonize before dropping privileges X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michal Privoznik Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" From: Michal Privoznik After we've dropped privileges it might be not possible to write pidfile. For instance, if this binary is run as root (because user wants it to write pidfile to some privileged location) writing pidfile fails because privileges are dropped before we even get to that. Signed-off-by: Michal Privoznik Signed-off-by: Paolo Bonzini --- scsi/qemu-pr-helper.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/scsi/qemu-pr-helper.c b/scsi/qemu-pr-helper.c index 21e1b8e..eeff80a 100644 --- a/scsi/qemu-pr-helper.c +++ b/scsi/qemu-pr-helper.c @@ -1081,13 +1081,6 @@ int main(int argc, char **argv) accept_client, NULL, NULL); -#ifdef CONFIG_LIBCAP - if (drop_privileges() < 0) { - error_report("Failed to drop privileges: %s", strerror(errno)); - exit(EXIT_FAILURE); - } -#endif - if (daemonize) { if (daemon(0, 0) < 0) { error_report("Failed to daemonize: %s", strerror(errno)); @@ -1096,6 +1089,13 @@ int main(int argc, char **argv) write_pidfile(); } +#ifdef CONFIG_LIBCAP + if (drop_privileges() < 0) { + error_report("Failed to drop privileges: %s", strerror(errno)); + exit(EXIT_FAILURE); + } +#endif + state = RUNNING; do { main_loop_wait(false);