vppinfra: change fchmod to umask for unix socket
Setting g+w permission for unix sockets didn't work. There were
two problems:
1. new flag local_only wasn't set for all AF_UNIX sockets;
2. fchmod is not a good choice for sockets.
fchmod was replaced with couple of umasks, and local_only with
socket type check.
Type: fix
Fixes: 085757bb49
Change-Id: I8dc0fceb110a36bfa234f552bbdf182e09e55e27
Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
This commit is contained in:
Georgy Borodin
committed by
Damjan Marion
Damjan Marion
parent
8beddaf5b4
commit
dc26d50426
@ -671,11 +671,24 @@ clib_socket_init (clib_socket_t *s)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (need_bind && bind (s->fd, sa, addr_len) < 0)
|
if (need_bind)
|
||||||
{
|
{
|
||||||
err =
|
int bind_ret;
|
||||||
clib_error_return_unix (0, "bind (fd %d, '%s')", s->fd, s->config);
|
if (sa->sa_family == AF_UNIX && s->allow_group_write)
|
||||||
goto done;
|
{
|
||||||
|
mode_t def_restrictions = umask (S_IWOTH);
|
||||||
|
bind_ret = bind (s->fd, sa, addr_len);
|
||||||
|
umask (def_restrictions);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
bind_ret = bind (s->fd, sa, addr_len);
|
||||||
|
|
||||||
|
if (bind_ret < 0)
|
||||||
|
{
|
||||||
|
err = clib_error_return_unix (0, "bind (fd %d, '%s')", s->fd,
|
||||||
|
s->config);
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (listen (s->fd, 5) < 0)
|
if (listen (s->fd, 5) < 0)
|
||||||
@ -684,16 +697,6 @@ clib_socket_init (clib_socket_t *s)
|
|||||||
s->config);
|
s->config);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (s->local_only && s->allow_group_write)
|
|
||||||
{
|
|
||||||
if (fchmod (s->fd, S_IWGRP) < 0)
|
|
||||||
{
|
|
||||||
err = clib_error_return_unix (
|
|
||||||
0, "fchmod (fd %d, '%s', mode S_IWGRP)", s->fd, s->config);
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|||||||
Reference in New Issue
Block a user