From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Michal Privoznik <mprivozn@redhat.com>
Subject: [Qemu-devel] [PULL 15/20] qemu-pr-helper: Daemonize before dropping privileges
Date: Fri, 6 Apr 2018 19:11:16 +0200 [thread overview]
Message-ID: <1523034681-33787-16-git-send-email-pbonzini@redhat.com> (raw)
In-Reply-To: <1523034681-33787-1-git-send-email-pbonzini@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
After we've dropped privileges it might be not possible to write
pidfile. For instance, if this binary is run as root (because
user wants it to write pidfile to some privileged location)
writing pidfile fails because privileges are dropped before we
even get to that.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
scsi/qemu-pr-helper.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/scsi/qemu-pr-helper.c b/scsi/qemu-pr-helper.c
index 21e1b8e..eeff80a 100644
--- a/scsi/qemu-pr-helper.c
+++ b/scsi/qemu-pr-helper.c
@@ -1081,13 +1081,6 @@ int main(int argc, char **argv)
accept_client,
NULL, NULL);
-#ifdef CONFIG_LIBCAP
- if (drop_privileges() < 0) {
- error_report("Failed to drop privileges: %s", strerror(errno));
- exit(EXIT_FAILURE);
- }
-#endif
-
if (daemonize) {
if (daemon(0, 0) < 0) {
error_report("Failed to daemonize: %s", strerror(errno));
@@ -1096,6 +1089,13 @@ int main(int argc, char **argv)
write_pidfile();
}
+#ifdef CONFIG_LIBCAP
+ if (drop_privileges() < 0) {
+ error_report("Failed to drop privileges: %s", strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+#endif
+
state = RUNNING;
do {
main_loop_wait(false);
--
1.8.3.1
next prev parent reply other threads:[~2018-04-06 17:11 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-06 17:11 [Qemu-devel] [PULL 00/20] Miscellaneous patches for QEMU 2.12-rc Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 01/20] sys_membarrier: fix up include directives Paolo Bonzini
2018-04-06 17:44 ` Eric Blake
2018-04-06 17:11 ` [Qemu-devel] [PULL 02/20] target/i386: Fix andn instruction Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 03/20] scripts/checkpatch.pl: Bug fix Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 04/20] memfd: fix vhost-user-test on non-memfd capable host Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 05/20] target/i386: WHPX: set CPUID_EXT_HYPERVISOR bit Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 06/20] i386/hyperv: add hv-frequencies cpu property Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 07/20] i386/hyperv: error out if features requested but unsupported Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 08/20] configure: Add missing configure options to help text Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 09/20] scsi-disk: Don't enlarge min_io_size to max_io_size Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 10/20] scsi-disk: allow customizing the SCSI version Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 11/20] hw/scsi: support SCSI-2 passthrough without PI Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 12/20] hw/dma/i82374: Avoid double creation of the 82374 controller Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 13/20] kvmclock: fix clock_is_reliable on migration from QEMU < 2.9 Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 14/20] virtio-serial: fix heapover-flow Paolo Bonzini
2018-04-06 17:11 ` Paolo Bonzini [this message]
2018-04-06 17:11 ` [Qemu-devel] [PULL 16/20] qemu-pr-helper: Write pidfile more often Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 17/20] device-crash-test: Remove fixed isa-fdc entry Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 18/20] dump: Fix build with newer gcc Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 19/20] maint: Add .mailmap entries for patches claiming list authorship Paolo Bonzini
2018-04-06 17:11 ` [Qemu-devel] [PULL 20/20] Add missing bit for SSE instr in VEX decoding Paolo Bonzini
2018-04-09 9:20 ` [Qemu-devel] [PULL 00/20] Miscellaneous patches for QEMU 2.12-rc Peter Maydell
2018-04-09 10:57 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1523034681-33787-16-git-send-email-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=mprivozn@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).