Commit e455a3e8 authored by Michele Tartara's avatar Michele Tartara

Fix permission problem related to Issue 477

Commit 91525dee fixed Issue 477 but broke
"gnt-cluster info".

This commit offers a solution to both problems, by changing the permission
of the socket instead of changing the permission the confd process is run
with.
Signed-off-by: default avatarMichele Tartara <mtartara@google.com>
Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
parent a39cd547
...@@ -82,7 +82,7 @@ _daemon_usergroup() { ...@@ -82,7 +82,7 @@ _daemon_usergroup() {
echo "@GNTMASTERUSER@:@GNTMASTERDGROUP@" echo "@GNTMASTERUSER@:@GNTMASTERDGROUP@"
;; ;;
confd) confd)
echo "@GNTCONFDUSER@:@GNTDAEMONSGROUP@" echo "@GNTCONFDUSER@:@GNTCONFDGROUP@"
;; ;;
luxid) luxid)
echo "@GNTLUXIDUSER@:@GNTLUXIDGROUP@" echo "@GNTLUXIDUSER@:@GNTLUXIDGROUP@"
......
...@@ -76,9 +76,11 @@ import Ganeti.Errors ...@@ -76,9 +76,11 @@ import Ganeti.Errors
import Ganeti.JSON import Ganeti.JSON
import Ganeti.OpParams (pTagsObject) import Ganeti.OpParams (pTagsObject)
import Ganeti.OpCodes import Ganeti.OpCodes
import Ganeti.Runtime
import qualified Ganeti.Query.Language as Qlang import qualified Ganeti.Query.Language as Qlang
import Ganeti.THH import Ganeti.THH
import Ganeti.Types import Ganeti.Types
import Ganeti.Utils
-- * Utility functions -- * Utility functions
...@@ -222,10 +224,12 @@ getClient path = do ...@@ -222,10 +224,12 @@ getClient path = do
return Client { socket=h, rbuf=rf } return Client { socket=h, rbuf=rf }
-- | Creates and returns a server endpoint. -- | Creates and returns a server endpoint.
getServer :: FilePath -> IO S.Socket getServer :: Bool -> FilePath -> IO S.Socket
getServer path = do getServer setOwner path = do
s <- S.socket S.AF_UNIX S.Stream S.defaultProtocol s <- S.socket S.AF_UNIX S.Stream S.defaultProtocol
S.bindSocket s (S.SockAddrUnix path) S.bindSocket s (S.SockAddrUnix path)
when setOwner . setOwnerAndGroupFromNames path GanetiConfd $
ExtraGroup DaemonsGroup
S.listen s 5 -- 5 is the max backlog S.listen s 5 -- 5 is the max backlog
return s return s
......
...@@ -249,7 +249,7 @@ prepMain _ _ = do ...@@ -249,7 +249,7 @@ prepMain _ _ = do
socket_path <- Path.defaultQuerySocket socket_path <- Path.defaultQuerySocket
cleanupSocket socket_path cleanupSocket socket_path
s <- describeError "binding to the Luxi socket" s <- describeError "binding to the Luxi socket"
Nothing (Just socket_path) $ getServer socket_path Nothing (Just socket_path) $ getServer True socket_path
cref <- newIORef (Bad "Configuration not yet loaded") cref <- newIORef (Bad "Configuration not yet loaded")
return (socket_path, s, cref) return (socket_path, s, cref)
......
...@@ -126,7 +126,7 @@ prop_ClientServer dnschars = monadicIO $ do ...@@ -126,7 +126,7 @@ prop_ClientServer dnschars = monadicIO $ do
-- we need to create the server first, otherwise (if we do it in the -- we need to create the server first, otherwise (if we do it in the
-- forked thread) the client could try to connect to it before it's -- forked thread) the client could try to connect to it before it's
-- ready -- ready
server <- run $ Luxi.getServer fpath server <- run $ Luxi.getServer False fpath
-- fork the server responder -- fork the server responder
_ <- run . forkIO $ _ <- run . forkIO $
bracket bracket
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment