From 6b15bdba51820b32677a54a082a194a1cff9f8ee Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Thu, 11 Apr 2019 07:46:09 +0200
Subject: [PATCH] pmxcfs: allow read access for www-data to /run dir

There's no real sensible information here, and we naturally only
allow read, but no write/exec.

This makes our IPCC restart connection re-cachin heuristic also work
for processes run as www-data, e.g., pveproxy, and thus guarantee a
more seamless pmxcfs restart - e.g., for package updates.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 data/src/pmxcfs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/src/pmxcfs.c b/data/src/pmxcfs.c
index 2e78fdf..7399182 100644
--- a/data/src/pmxcfs.c
+++ b/data/src/pmxcfs.c
@@ -863,6 +863,7 @@ int main(int argc, char *argv[])
 
 	mkdir(VARLIBDIR, 0755);
 	mkdir(RUNDIR, 0755);
+	chown(RUNDIR, 0, cfs.gid);
 
 	if ((lockfd = open(LOCKFILE, O_RDWR|O_CREAT|O_APPEND, 0600)) == -1) {
 		cfs_critical("unable to create lock '%s': %s", LOCKFILE, strerror (errno));
@@ -1053,7 +1054,8 @@ int main(int argc, char *argv[])
 
 	ret = fuse_loop_mt(fuse);
 
-	open(RESTART_FLAG_FILE, O_CREAT|O_NOCTTY|O_NONBLOCK);
+	open(RESTART_FLAG_FILE, O_CREAT|O_NOCTTY|O_NONBLOCK, S_IRUSR | S_IRGRP);
+	chown(RESTART_FLAG_FILE, 0, cfs.gid);
 
 	cfs_message("teardown filesystem");
 
-- 
2.39.2