[lxc.git] / debian / patches / fixes / 0004-pam-cgfs-ignore-the-system-umask-when-creating-the-c.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jonathan Calmels <jcalmels@nvidia.com>
Date: Mon, 16 Apr 2018 12:30:33 -0700
Subject: [PATCH] pam-cgfs: ignore the system umask when creating the cgroup
 hierarchy

Fixes: #2277
Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>
---
 src/lxc/pam/pam_cgfs.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/lxc/pam/pam_cgfs.c b/src/lxc/pam/pam_cgfs.c
index 3df8daef..5c272b0e 100644
--- a/src/lxc/pam/pam_cgfs.c
+++ b/src/lxc/pam/pam_cgfs.c
@@ -223,6 +223,20 @@ static bool cgv2_prune_empty_cgroups(const char *user);
 static bool cgv2_remove(const char *cgroup);
 static bool is_cgv2(char *line);
 
+static int do_mkdir(const char *path, mode_t mode)
+{
+	int saved_errno;
+	mode_t mask;
+	int r;
+
+	mask = umask(0);
+	r = mkdir(path, mode);
+	saved_errno = errno;
+	umask(mask);
+	errno = saved_errno;
+	return (r);
+}
+
 /* Create directory and (if necessary) its parents. */
 static bool mkdir_parent(const char *root, char *path)
 {
@@ -252,7 +266,7 @@ static bool mkdir_parent(const char *root, char *path)
 		if (file_exists(path))
 			goto next;
 
-		if (mkdir(path, 0755) < 0) {
+		if (do_mkdir(path, 0755) < 0) {
 			pam_cgfs_debug("Failed to create %s: %s.\n", path, strerror(errno));
 			return false;
 		}
@@ -1963,7 +1977,7 @@ static bool cgv1_handle_cpuset_hierarchy(struct cgv1_hierarchy *h,
 	cgpath = must_make_path(h->mountpoint, h->base_cgroup, cgroup, NULL);
 	if (slash)
 		*slash = '/';
-	if (mkdir(cgpath, 0755) < 0 && errno != EEXIST) {
+	if (do_mkdir(cgpath, 0755) < 0 && errno != EEXIST) {
 		pam_cgfs_debug("Failed to create '%s'", cgpath);
 		free(cgpath);
 		return false;
-- 
2.11.0
Commit	Line	Data
99be5c8c WB	1	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	2	From: Jonathan Calmels <jcalmels@nvidia.com>
	3	Date: Mon, 16 Apr 2018 12:30:33 -0700
	4	Subject: [PATCH] pam-cgfs: ignore the system umask when creating the cgroup
	5	hierarchy
	6
	7	Fixes: #2277
	8	Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>
	9	---
	10	src/lxc/pam/pam_cgfs.c \| 18 ++++++++++++++++--
	11	1 file changed, 16 insertions(+), 2 deletions(-)
	12
	13	diff --git a/src/lxc/pam/pam_cgfs.c b/src/lxc/pam/pam_cgfs.c
	14	index 3df8daef..5c272b0e 100644
	15	--- a/src/lxc/pam/pam_cgfs.c
	16	+++ b/src/lxc/pam/pam_cgfs.c
	17	@@ -223,6 +223,20 @@ static bool cgv2_prune_empty_cgroups(const char *user);
	18	static bool cgv2_remove(const char *cgroup);
	19	static bool is_cgv2(char *line);
	20
	21	+static int do_mkdir(const char *path, mode_t mode)
	22	+{
	23	+ int saved_errno;
	24	+ mode_t mask;
	25	+ int r;
	26	+
	27	+ mask = umask(0);
	28	+ r = mkdir(path, mode);
	29	+ saved_errno = errno;
	30	+ umask(mask);
	31	+ errno = saved_errno;
	32	+ return (r);
	33	+}
	34	+
	35	/* Create directory and (if necessary) its parents. */
	36	static bool mkdir_parent(const char root, char path)
	37	{
	38	@@ -252,7 +266,7 @@ static bool mkdir_parent(const char root, char path)
	39	if (file_exists(path))
	40	goto next;
	41
	42	- if (mkdir(path, 0755) < 0) {
	43	+ if (do_mkdir(path, 0755) < 0) {
	44	pam_cgfs_debug("Failed to create %s: %s.\n", path, strerror(errno));
	45	return false;
	46	}
	47	@@ -1963,7 +1977,7 @@ static bool cgv1_handle_cpuset_hierarchy(struct cgv1_hierarchy *h,
	48	cgpath = must_make_path(h->mountpoint, h->base_cgroup, cgroup, NULL);
	49	if (slash)
	50	*slash = '/';
	51	- if (mkdir(cgpath, 0755) < 0 && errno != EEXIST) {
	52	+ if (do_mkdir(cgpath, 0755) < 0 && errno != EEXIST) {
	53	pam_cgfs_debug("Failed to create '%s'", cgpath);
	54	free(cgpath);
	55	return false;
	56	--
	57	2.11.0
	58