
qdevice: Add option to change socket file gid

Neither qnetd nor qdevice changed the gid, so the local socket file
was usually not accessible to users when the daemon runs as root.

This is mainly problem if it is needed to run corosync-qdevice-tool as
non-root user.

Patch adds advanced option (local_socket_gid) which allows to change
group ownership after socket is created.

Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Jan Friesse 4 месяцев назад
Родитель
Сommit
b0278e6987

+ 6 - 1
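--- a/man/corosync-qdevice.8
+++ b/man/corosync-qdevice.8
@@ -31,7 +31,7 @@
 .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 .\" * THE POSSIBILITY OF SUCH DAMAGE.
 .\" */
-.TH COROSYNC-QDEVICE 8 2025-10-13
+.TH COROSYNC-QDEVICE 8 2025-10-16
 .SH NAME
 corosync-qdevice \- QDevice daemon
 .SH SYNOPSIS
@@ -361,6 +361,11 @@ Internal IPC socket file location. (/var/run/corosync-qdevice/corosync-qdevice.s
 Octal value of umask used before creating of internal IPC socket file or empty if umask
 shouldn't be modified. ()
 .TP
+.B local_socket_gid
+Sets the group ownership for the internal IPC socket file.
+This can be specified as a group name or a numeric GID.
+An empty value or the default of -1 leaves the group ownership unchanged. (-1)
+.TP
 .B local_socket_backlog
 Parameter passed to listen syscall. (10)
 .TP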

+ 6 - 1
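--- a/man/corosync-qnetd.8
+++ b/man/corosync-qnetd.8
@@ -31,7 +31,7 @@
 .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 .\" * THE POSSIBILITY OF SUCH DAMAGE.
 .\" */
-.TH COROSYNC-QNETD 8 2025-10-13
+.TH COROSYNC-QNETD 8 2025-10-16
 .SH NAME
 corosync-qnetd \- QNet daemon
 .SH SYNOPSIS
@@ -230,6 +230,11 @@ Internal IPC socket file location. (/var/run/corosync-qnetd/corosync-qnetd.sock)
 Octal value of umask used before creating of internal IPC socket file or empty if umask
 shouldn't be modified. ()
 .TP
+.B local_socket_gid
+Sets the group ownership for the internal IPC socket file.
+This can be specified as a group name or a numeric GID.
+An empty value or the default of -1 leaves the group ownership unchanged. (-1)
+.TP
 .B local_socket_backlog
 Parameter passed to listen syscall on the local socket. (10)
 .TP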

+ 5 - 0
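--- a/qdevices/qdevice-advanced-settings.c
+++ b/qdevices/qdevice-advanced-settings.c
@@ -61,6 +61,7 @@ qdevice_advanced_settings_init(struct qdevice_advanced_settings *settings)
 		return (-1);
 	}
 	settings->set_local_socket_umask = 0;
+	settings->local_socket_gid = -1;
 	settings->local_socket_backlog = QDEVICE_DEFAULT_LOCAL_SOCKET_BACKLOG;
 	settings->max_cs_try_again = QDEVICE_DEFAULT_MAX_CS_TRY_AGAIN;
 	if ((settings->votequorum_device_name = strdup(QDEVICE_DEFAULT_VOTEQUORUM_DEVICE_NAME)) == NULL) {
@@ -150,6 +151,10 @@ qdevice_advanced_settings_set(struct qdevice_advanced_settings *settings,
 		    &settings->local_socket_umask) != 0) {
 			return (-2);
 		}
+	} else if (strcasecmp(option, "local_socket_gid") == 0) {
+		if (utils_get_group_gid(value, &settings->local_socket_gid) != 0) {
+			return (-2);
+		}
 	} else if (strcasecmp(option, "local_socket_backlog") == 0) {
 		if (utils_strtonum(value, QDEVICE_MIN_LOCAL_SOCKET_BACKLOG, INT_MAX, &tmpll) == -1) {
 			return (-2);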
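Review bot: The default `settings->local_socket_gid = -1;` in qdevice_advanced_settings_init stores a signed literal in a `gid_t`, which is unsigned on most platforms, so the "leave unchanged" sentinel works only through implicit conversion; `settings->local_socket_gid = (gid_t)-1;` states the intent, and the same line appears in qnetd_advanced_settings_init in qdevices/qnetd-advanced-settings.c. The new `local_socket_gid` branch should also carry a comment such as `/* Group members can use the IPC socket only if local_socket_umask leaves the group permission bits set. */`, because group ownership alone does not grant access and the option widens who can talk to the daemon. utils_get_group_gid is not shown on this page, so how it treats unknown group names or out-of-range numeric values cannot be confirmed here. Both functions continue outside the hunks shown.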

+ 1 - 0
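--- a/qdevices/qdevice-advanced-settings.h
+++ b/qdevices/qdevice-advanced-settings.h
@@ -52,6 +52,7 @@ struct qdevice_advanced_settings {
 	char *local_socket_file;
 	int set_local_socket_umask;
 	mode_t local_socket_umask;
+	gid_t local_socket_gid;
 	int local_socket_backlog;
 	int max_cs_try_again;
 	char *votequorum_device_name;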

+ 1 - 0
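--- a/qdevices/qdevice-ipc.c
+++ b/qdevices/qdevice-ipc.c
@@ -177,6 +177,7 @@ qdevice_ipc_init(struct qdevice_instance *instance)
 	    instance->advanced_settings->local_socket_file,
 	    instance->advanced_settings->set_local_socket_umask,
 	    instance->advanced_settings->local_socket_umask,
+	    instance->advanced_settings->local_socket_gid,
 	    instance->advanced_settings->local_socket_backlog,
 	    instance->advanced_settings->ipc_max_clients,
 	    instance->advanced_settings->ipc_max_receive_size,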

+ 5 - 0
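--- a/qdevices/qnetd-advanced-settings.c
+++ b/qdevices/qnetd-advanced-settings.c
@@ -74,6 +74,7 @@ qnetd_advanced_settings_init(struct qnetd_advanced_settings *settings)
 		return (-1);
 	}
 	settings->set_local_socket_umask = 0;
+	settings->local_socket_gid = -1;
 	settings->local_socket_backlog = QNETD_DEFAULT_LOCAL_SOCKET_BACKLOG;
 	settings->ipc_max_clients = QNETD_DEFAULT_IPC_MAX_CLIENTS;
 	settings->ipc_max_receive_size = QNETD_DEFAULT_IPC_MAX_RECEIVE_SIZE;
@@ -187,6 +188,10 @@ qnetd_advanced_settings_set(struct qnetd_advanced_settings *settings,
 		    &settings->local_socket_umask) != 0) {
 			return (-2);
 		}
+	} else if (strcasecmp(option, "local_socket_gid") == 0) {
+		if (utils_get_group_gid(value, &settings->local_socket_gid) != 0) {
+			return (-2);
+		}
 	} else if (strcasecmp(option, "local_socket_backlog") == 0) {
 		if (utils_strtonum(value, QNETD_MIN_LOCAL_SOCKET_BACKLOG, INT_MAX, &tmpll) == -1) {
 			return (-2);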

+ 1 - 0
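--- a/qdevices/qnetd-advanced-settings.h
+++ b/qdevices/qnetd-advanced-settings.h
@@ -55,6 +55,7 @@ struct qnetd_advanced_settings {
 	char *local_socket_file;
 	int set_local_socket_umask;
 	mode_t local_socket_umask;
+	gid_t local_socket_gid;
 	int local_socket_backlog;
 	size_t ipc_max_clients;
 	size_t ipc_max_send_size;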

+ 1 - 0
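--- a/qdevices/qnetd-ipc.c
+++ b/qdevices/qnetd-ipc.c
@@ -177,6 +177,7 @@ qnetd_ipc_init(struct qnetd_instance *instance)
 	    instance->advanced_settings->local_socket_file,
 	    instance->advanced_settings->set_local_socket_umask,
 	    instance->advanced_settings->local_socket_umask,
+	    instance->advanced_settings->local_socket_gid,
 	    instance->advanced_settings->local_socket_backlog,
 	    instance->advanced_settings->ipc_max_clients,
 	    instance->advanced_settings->ipc_max_receive_size,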

+ 3 - 3
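--- a/qdevices/unix-socket-ipc.c
+++ b/qdevices/unix-socket-ipc.c
@@ -40,8 +40,8 @@
 
 int
 unix_socket_ipc_init(struct unix_socket_ipc *ipc, const char *socket_file_name,
-    int set_socket_umask, mode_t socket_umask, int backlog, size_t max_clients,
-    size_t max_receive_size, size_t max_send_size)
+    int set_socket_umask, mode_t socket_umask, gid_t socket_gid, int backlog,
+    size_t max_clients, size_t max_receive_size, size_t max_send_size)
 {
 
 	memset(ipc, 0, sizeof(*ipc));
@@ -55,7 +55,7 @@ unix_socket_ipc_init(struct unix_socket_ipc *ipc, const char *socket_file_name,
 
 	ipc->backlog = backlog;
 	ipc->socket = unix_socket_server_create(ipc->socket_file_name,
-	    set_socket_umask, socket_umask, 1, backlog);
+	    set_socket_umask, socket_umask, socket_gid, 1, backlog);
 	if (ipc->socket < 0) {
 		free(ipc->socket_file_name);
 		return (-1);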

+ 1 - 1
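--- a/qdevices/unix-socket-ipc.h
+++ b/qdevices/unix-socket-ipc.h
@@ -54,7 +54,7 @@ struct unix_socket_ipc {
 
 extern int		unix_socket_ipc_init(struct unix_socket_ipc *ipc,
     const char *socket_file_name, int set_socket_umask, mode_t socket_umask,
-    int backlog, size_t max_clients, size_t max_receive_size,
+    gid_t socket_gid, int backlog, size_t max_clients, size_t max_receive_size,
     size_t max_send_size);
 
 extern int		unix_socket_ipc_destroy(struct unix_socket_ipc *ipc);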

+ 9 - 3
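--- a/qdevices/unix-socket.c
+++ b/qdevices/unix-socket.c
@@ -46,7 +46,7 @@
 
 int
 unix_socket_server_create(const char *path, int set_socket_umask, mode_t socket_umask,
-    int non_blocking, int backlog)
+    gid_t socket_gid, int non_blocking, int backlog)
 {
 	int s;
 	struct sockaddr_un sun;
@@ -78,6 +78,14 @@ unix_socket_server_create(const char *path, int set_socket_umask, mode_t socket_
 		(void)umask(old_umask);
 	}
 
+	if (socket_gid != -1) {
+		if (chown(path, -1, socket_gid) != 0) {
+			close(s);
+
+			return (-1);
+		}
+	}
+
 	if (bind_res != 0) {
 		close(s);
 
@@ -138,8 +146,6 @@ unix_socket_client_create(const char *path, int non_blocking)
 	return (s);
 }
 
-
-
 int
 unix_socket_server_destroy(int sock, const char *path)
 {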
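Review bot: In unix_socket_server_create the new `chown(path, -1, socket_gid)` runs before the `if (bind_res != 0)` check, so when bind() has failed it is applied to whatever already exists at `path` (chown() also follows symlinks) and a chown error hides the bind failure; the block should move below the bind check so that it only touches a socket this call created. The comparison `socket_gid != -1` and the `-1` owner argument depend on implicit conversion to unsigned types and are clearer as `if (socket_gid != (gid_t)-1 && chown(path, (uid_t)-1, socket_gid) != 0) {`. When chown fails after a successful bind the socket file appears to stay on disk, so that error path probably wants `unlink(path);` next to `close(s);`. The function body continues outside the hunks, so the handling after the bind check is not visible here.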

+ 2 - 1
qdevices/unix-socket.h

@@ -44,7 +44,8 @@ extern "C" {
 #endif
 #endif
 
 
 extern int		unix_socket_server_create(const char *path,
 extern int		unix_socket_server_create(const char *path,
-    int set_socket_umask, mode_t socket_umask, int non_blocking, int backlog);
+    int set_socket_umask, mode_t socket_umask, gid_t socket_gid,
+    int non_blocking, int backlog);
 
 
 extern int		unix_socket_client_create(const char *path, int non_blocking);
 extern int		unix_socket_client_create(const char *path, int non_blocking);