Commit e455a3e8 authored by Michele Tartara's avatar Michele Tartara

Fix permission problem related to Issue 477

Commit 91525dee fixed Issue 477 but broke
"gnt-cluster info".

This commit offers a solution to both problems, by changing the permission
of the socket instead of changing the permission the confd process is run
with.
Signed-off-by: default avatarMichele Tartara <mtartara@google.com>
Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
parent a39cd547
......@@ -82,7 +82,7 @@ _daemon_usergroup() {
echo "@GNTMASTERUSER@:@GNTMASTERDGROUP@"
;;
confd)
echo "@GNTCONFDUSER@:@GNTDAEMONSGROUP@"
echo "@GNTCONFDUSER@:@GNTCONFDGROUP@"
;;
luxid)
echo "@GNTLUXIDUSER@:@GNTLUXIDGROUP@"
......
......@@ -76,9 +76,11 @@ import Ganeti.Errors
import Ganeti.JSON
import Ganeti.OpParams (pTagsObject)
import Ganeti.OpCodes
import Ganeti.Runtime
import qualified Ganeti.Query.Language as Qlang
import Ganeti.THH
import Ganeti.Types
import Ganeti.Utils
-- * Utility functions
......@@ -222,10 +224,12 @@ getClient path = do
return Client { socket=h, rbuf=rf }
-- | Creates and returns a server endpoint.
getServer :: FilePath -> IO S.Socket
getServer path = do
getServer :: Bool -> FilePath -> IO S.Socket
getServer setOwner path = do
s <- S.socket S.AF_UNIX S.Stream S.defaultProtocol
S.bindSocket s (S.SockAddrUnix path)
when setOwner . setOwnerAndGroupFromNames path GanetiConfd $
ExtraGroup DaemonsGroup
S.listen s 5 -- 5 is the max backlog
return s
......
......@@ -249,7 +249,7 @@ prepMain _ _ = do
socket_path <- Path.defaultQuerySocket
cleanupSocket socket_path
s <- describeError "binding to the Luxi socket"
Nothing (Just socket_path) $ getServer socket_path
Nothing (Just socket_path) $ getServer True socket_path
cref <- newIORef (Bad "Configuration not yet loaded")
return (socket_path, s, cref)
......
......@@ -126,7 +126,7 @@ prop_ClientServer dnschars = monadicIO $ do
-- we need to create the server first, otherwise (if we do it in the
-- forked thread) the client could try to connect to it before it's
-- ready
server <- run $ Luxi.getServer fpath
server <- run $ Luxi.getServer False fpath
-- fork the server responder
_ <- run . forkIO $
bracket
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment