|
 |
7934e6f |
Patch sent upstream (to Stephan Kulow) on 2009-04-06. -- Michal
|
|
|
7934e6f |
|
|
|
7934e6f |
commit e5dcc8beda99ffb4cb19b8eef024dbc22b010d54
|
|
|
7934e6f |
Author: Michal Schmidt <mschmidt@redhat.com>
|
|
|
7934e6f |
Date: Sun Apr 5 23:32:32 2009 +0200
|
|
|
7934e6f |
|
|
|
7934e6f |
fix permissions in the cache dir
|
|
|
7934e6f |
|
|
|
7934e6f |
The way icecream changes permissions of /var/cache/icecream is buggy.
|
|
|
7934e6f |
When the daemon initializes, it creates the directory owned by root:root
|
|
|
7934e6f |
and readable for everyone. As soon as it installs a foreign environment,
|
|
|
7934e6f |
it changes the owner to root:icecream and removes access for everyone
|
|
|
7934e6f |
else. This causes trouble for locally run icecc which wants read access
|
|
|
7934e6f |
to /var/cache/icecream/native. As a result, local compile jobs can no
|
|
|
7934e6f |
longer determine the native environment and fail to get distributed to
|
|
|
7934e6f |
other nodes.
|
|
|
7934e6f |
|
|
|
7934e6f |
This patch assigns the owners and permissions like this:
|
|
|
7934e6f |
0755 root:root /var/cache/icecream/
|
|
|
7934e6f |
0775 root:icecream /var/cache/icecream/native/
|
|
|
7934e6f |
0770 root:icecream /var/cache/icecream/target=<target>/
|
|
|
7934e6f |
0770 root:icecream /var/cache/icecream/target=<target>/<hash>/
|
|
|
7934e6f |
|
|
|
7934e6f |
It also sets the umask in the initialization of the daemon so that we
|
|
|
7934e6f |
can depend on it being sane and we no longer need some of the chmods.
|
|
|
7934e6f |
|
|
|
7934e6f |
The access() check in start_install_environment() can be dropped,
|
|
|
7934e6f |
because if we don't have access, we'll soon find out anyway.
|
|
|
7934e6f |
|
|
|
7934e6f |
diff --git a/daemon/environment.cpp b/daemon/environment.cpp
|
|
|
7934e6f |
index 9dc2831..979da91 100644
|
|
|
7934e6f |
--- a/daemon/environment.cpp
|
|
|
7934e6f |
+++ b/daemon/environment.cpp
|
|
|
7934e6f |
@@ -180,8 +180,6 @@ bool cleanup_cache( const string &basedir )
|
|
|
7934e6f |
log_perror( "mkdir in cleanup_cache() failed" );
|
|
|
7934e6f |
return false;
|
|
|
7934e6f |
}
|
|
|
7934e6f |
- chown( basedir.c_str(), 0, 0 );
|
|
|
7934e6f |
- chmod( basedir.c_str(), 0755 );
|
|
|
7934e6f |
|
|
|
7934e6f |
return ret;
|
|
|
7934e6f |
}
|
|
|
7934e6f |
@@ -219,14 +217,14 @@ size_t setup_env_cache(const string &basedir, string &native_environment, uid_t
|
|
|
7934e6f |
if ( ::access( "/usr/bin/gcc", X_OK ) || ::access( "/usr/bin/g++", X_OK ) )
|
|
|
7934e6f |
return 0;
|
|
|
7934e6f |
|
|
|
7934e6f |
- if ( mkdir( nativedir.c_str(), 0755 ) )
|
|
|
7934e6f |
+ if ( mkdir( nativedir.c_str(), 0775 ) )
|
|
|
7934e6f |
return 0;
|
|
|
7934e6f |
|
|
|
7934e6f |
- if ( chown( nativedir.c_str(), nobody_uid, nobody_gid) ) {
|
|
|
7934e6f |
+ if ( chown( nativedir.c_str(), 0, nobody_gid ) ||
|
|
|
7934e6f |
+ chmod( nativedir.c_str(), 0775 ) ) {
|
|
|
7934e6f |
rmdir( nativedir.c_str() );
|
|
|
7934e6f |
return 0;
|
|
|
7934e6f |
}
|
|
|
7934e6f |
- chmod( nativedir.c_str(), 0755 );
|
|
|
7934e6f |
|
|
|
7934e6f |
flush_debug();
|
|
|
7934e6f |
pid_t pid = fork();
|
|
|
7934e6f |
@@ -251,7 +249,6 @@ size_t setup_env_cache(const string &basedir, string &native_environment, uid_t
|
|
|
7934e6f |
}
|
|
|
7934e6f |
}
|
|
|
7934e6f |
// else
|
|
|
7934e6f |
- umask(022);
|
|
|
7934e6f |
|
|
|
7934e6f |
if ( setgid( nobody_gid ) < 0) {
|
|
|
7934e6f |
log_perror("setgid failed");
|
|
|
7934e6f |
@@ -313,30 +310,28 @@ pid_t start_install_environment( const std::string &basename, const std::string
|
|
|
7934e6f |
compression = BZip2;
|
|
|
7934e6f |
}
|
|
|
7934e6f |
|
|
|
7934e6f |
- if( ::access( basename.c_str(), W_OK ) ) {
|
|
|
7934e6f |
- log_error() << "access for basename " << basename.c_str() << " gives " << strerror(errno) << endl;
|
|
|
7934e6f |
- return 0;
|
|
|
7934e6f |
- }
|
|
|
7934e6f |
-
|
|
|
7934e6f |
- chown( basename.c_str(), 0, nobody_gid );
|
|
|
7934e6f |
- chmod( basename.c_str(), 0770 );
|
|
|
7934e6f |
-
|
|
|
7934e6f |
- if ( mkdir( dirname.c_str(), 0755 ) && errno != EEXIST ) {
|
|
|
7934e6f |
+ if ( mkdir( dirname.c_str(), 0770 ) && errno != EEXIST ) {
|
|
|
7934e6f |
log_perror( "mkdir target" );
|
|
|
7934e6f |
return 0;
|
|
|
7934e6f |
}
|
|
|
7934e6f |
|
|
|
7934e6f |
- chown( dirname.c_str(), 0, nobody_gid );
|
|
|
7934e6f |
- chmod( dirname.c_str(), 0770 );
|
|
|
7934e6f |
+ if ( chown( dirname.c_str(), 0, nobody_gid ) ||
|
|
|
7934e6f |
+ chmod( dirname.c_str(), 0770 ) ) {
|
|
|
7934e6f |
+ log_perror( "chown,chmod target" );
|
|
|
7934e6f |
+ return 0;
|
|
|
7934e6f |
+ }
|
|
|
7934e6f |
|
|
|
7934e6f |
dirname = dirname + "/" + name;
|
|
|
7934e6f |
- if ( mkdir( dirname.c_str(), 0700 ) ) {
|
|
|
7934e6f |
+ if ( mkdir( dirname.c_str(), 0770 ) ) {
|
|
|
7934e6f |
log_perror( "mkdir name" );
|
|
|
7934e6f |
return 0;
|
|
|
7934e6f |
}
|
|
|
7934e6f |
|
|
|
7934e6f |
- chown( dirname.c_str(), 0, nobody_gid );
|
|
|
7934e6f |
- chmod( dirname.c_str(), 0770 );
|
|
|
7934e6f |
+ if ( chown( dirname.c_str(), 0, nobody_gid ) ||
|
|
|
7934e6f |
+ chmod( dirname.c_str(), 0770 ) ) {
|
|
|
7934e6f |
+ log_perror( "chown,chmod name" );
|
|
|
7934e6f |
+ return 0;
|
|
|
7934e6f |
+ }
|
|
|
7934e6f |
|
|
|
7934e6f |
int fds[2];
|
|
|
7934e6f |
if ( pipe( fds ) )
|
|
|
7934e6f |
diff --git a/daemon/main.cpp b/daemon/main.cpp
|
|
|
7934e6f |
index 17fc761..7a6498f 100644
|
|
|
7934e6f |
--- a/daemon/main.cpp
|
|
|
7934e6f |
+++ b/daemon/main.cpp
|
|
|
7934e6f |
@@ -1598,6 +1598,8 @@ int main( int argc, char ** argv )
|
|
|
7934e6f |
}
|
|
|
7934e6f |
}
|
|
|
7934e6f |
|
|
|
7934e6f |
+ umask(022);
|
|
|
7934e6f |
+
|
|
|
7934e6f |
if ( !logfile.length() && detach)
|
|
|
7934e6f |
logfile = "/var/log/iceccd";
|
|
|
7934e6f |
|