pmxcfs: allow read access for www-data to /run dir

There's no real sensible information here, and we naturally only
allow read, but no write/exec.

This makes our IPCC restart connection re-cachin heuristic also work
for processes run as www-data, e.g., pveproxy, and thus guarantee a
more seamless pmxcfs restart - e.g., for package updates.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/data/src/pmxcfs.c b/data/src/pmxcfs.c
index 2e78fdf12bf7b79ef781bf2e52b6db3abaddfc46..73991828bd57ad5ccb00b12125361e6b61bed8ca 100644 (file)
--- a/data/src/pmxcfs.c
+++ b/data/src/pmxcfs.c
@@ -863,6 +863,7 @@ int main(int argc, char *argv[])
 
        mkdir(VARLIBDIR, 0755);
        mkdir(RUNDIR, 0755);
+       chown(RUNDIR, 0, cfs.gid);
 
        if ((lockfd = open(LOCKFILE, O_RDWR|O_CREAT|O_APPEND, 0600)) == -1) {
                cfs_critical("unable to create lock '%s': %s", LOCKFILE, strerror (errno));
@@ -1053,7 +1054,8 @@ int main(int argc, char *argv[])
 
        ret = fuse_loop_mt(fuse);
 
-       open(RESTART_FLAG_FILE, O_CREAT|O_NOCTTY|O_NONBLOCK);
+       open(RESTART_FLAG_FILE, O_CREAT|O_NOCTTY|O_NONBLOCK, S_IRUSR | S_IRGRP);
+       chown(RESTART_FLAG_FILE, 0, cfs.gid);
 
        cfs_message("teardown filesystem");