Patch sent upstream (to Stephan Kulow) on 2009-04-06. -- Michal
commit e5dcc8beda99ffb4cb19b8eef024dbc22b010d54
Author: Michal Schmidt <mschmidt@redhat.com>
Date: Sun Apr 5 23:32:32 2009 +0200
fix permissions in the cache dir
The way icecream changes permissions of /var/cache/icecream is buggy.
When the daemon initializes, it creates the directory owned by root:root
and readable for everyone. As soon as it installs a foreign environment,
it changes the owner to root:icecream and removes access for everyone
else. This causes trouble for locally run icecc which wants read access
to /var/cache/icecream/native. As a result, local compile jobs can no
longer determine the native environment and fail to get distributed to
other nodes.
This patch assigns the owners and permissions like this:
0755 root:root /var/cache/icecream/
0775 root:icecream /var/cache/icecream/native/
0770 root:icecream /var/cache/icecream/target=<target>/
0770 root:icecream /var/cache/icecream/target=<target>/<hash>/
It also sets the umask in the initialization of the daemon so that we
can depend on it being sane and we no longer need some of the chmods.
The access() check in start_install_environment() can be dropped,
because if we don't have access, we'll soon find out anyway.
diff --git a/daemon/environment.cpp b/daemon/environment.cpp
index 9dc2831..979da91 100644
--- a/daemon/environment.cpp
+++ b/daemon/environment.cpp
@@ -180,8 +180,6 @@ bool cleanup_cache( const string &basedir )
log_perror( "mkdir in cleanup_cache() failed" );
return false;
}
- chown( basedir.c_str(), 0, 0 );
- chmod( basedir.c_str(), 0755 );
return ret;
}
@@ -219,14 +217,14 @@ size_t setup_env_cache(const string &basedir, string &native_environment, uid_t
if ( ::access( "/usr/bin/gcc", X_OK ) || ::access( "/usr/bin/g++", X_OK ) )
return 0;
- if ( mkdir( nativedir.c_str(), 0755 ) )
+ if ( mkdir( nativedir.c_str(), 0775 ) )
return 0;
- if ( chown( nativedir.c_str(), nobody_uid, nobody_gid) ) {
+ if ( chown( nativedir.c_str(), 0, nobody_gid ) ||
+ chmod( nativedir.c_str(), 0775 ) ) {
rmdir( nativedir.c_str() );
return 0;
}
- chmod( nativedir.c_str(), 0755 );
flush_debug();
pid_t pid = fork();
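Review bot: The new `chown( ... ) || chmod( ... )` failure path for nativedir returns 0 without logging anything, while the equivalent checks this commit adds in start_install_environment() call log_perror(). Adding `log_perror( "chown,chmod native" );` before the `rmdir` call, so that errno is not overwritten, would make a misconfigured cache directory diagnosable. A short comment on the 0775 mode would also help, for example `// world-readable on purpose: a locally run icecc must read the native environment`, since this is the one cache directory not restricted to root:icecream. The body of setup_env_cache() starts and ends outside this hunk.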
@@ -251,7 +249,6 @@ size_t setup_env_cache(const string &basedir, string &native_environment, uid_t
}
}
// else
- umask(022);
if ( setgid( nobody_gid ) < 0) {
log_perror("setgid failed");
@@ -313,30 +310,28 @@ pid_t start_install_environment( const std::string &basename, const std::string
compression = BZip2;
}
- if( ::access( basename.c_str(), W_OK ) ) {
- log_error() << "access for basename " << basename.c_str() << " gives " << strerror(errno) << endl;
- return 0;
- }
-
- chown( basename.c_str(), 0, nobody_gid );
- chmod( basename.c_str(), 0770 );
-
- if ( mkdir( dirname.c_str(), 0755 ) && errno != EEXIST ) {
+ if ( mkdir( dirname.c_str(), 0770 ) && errno != EEXIST ) {
log_perror( "mkdir target" );
return 0;
}
- chown( dirname.c_str(), 0, nobody_gid );
- chmod( dirname.c_str(), 0770 );
+ if ( chown( dirname.c_str(), 0, nobody_gid ) ||
+ chmod( dirname.c_str(), 0770 ) ) {
+ log_perror( "chown,chmod target" );
+ return 0;
+ }
dirname = dirname + "/" + name;
- if ( mkdir( dirname.c_str(), 0700 ) ) {
+ if ( mkdir( dirname.c_str(), 0770 ) ) {
log_perror( "mkdir name" );
return 0;
}
- chown( dirname.c_str(), 0, nobody_gid );
- chmod( dirname.c_str(), 0770 );
+ if ( chown( dirname.c_str(), 0, nobody_gid ) ||
+ chmod( dirname.c_str(), 0770 ) ) {
+ log_perror( "chown,chmod name" );
+ return 0;
+ }
int fds[2];
if ( pipe( fds ) )
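Review bot: The `chown`/`chmod` pair after `mkdir name` works on the path rather than on the directory that was just created, and both calls follow symlinks. The parent `target=<target>` directory has just been made 0770 root:icecream, so it is group-writable with no sticky bit, and a process holding that group could change what the path names between the three calls, assuming the daemon still runs as root at this point. Opening the new directory with O_DIRECTORY | O_NOFOLLOW and using fchown/fchmod on the descriptor closes that window. The same reasoning applies to the `mkdir target` step when it returns EEXIST, where the existing entry is never checked to be a directory. The function body starts and ends outside this hunk.

```cpp
if ( mkdir( dirname.c_str(), 0770 ) ) {
    log_perror( "mkdir name" );
    return 0;
}
// Act on the directory we created, not on whatever the path names by now.
int dirfd = open( dirname.c_str(), O_RDONLY | O_DIRECTORY | O_NOFOLLOW );
if ( dirfd < 0 ||
     fchown( dirfd, 0, nobody_gid ) ||
     fchmod( dirfd, 0770 ) ) {
    log_perror( "chown,chmod name" );
    if ( dirfd >= 0 )
        close( dirfd );
    return 0;
}
close( dirfd );
// … unchanged: pipe( fds ) and the rest of the install …
```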
diff --git a/daemon/main.cpp b/daemon/main.cpp
index 17fc761..7a6498f 100644
--- a/daemon/main.cpp
+++ b/daemon/main.cpp
@@ -1598,6 +1598,8 @@ int main( int argc, char ** argv )
}
}
+ umask(022);
+
if ( !logfile.length() && detach)
logfile = "/var/log/iceccd";
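Review bot: The added `umask(022);` in main() carries no comment, although other hunks of this commit now depend on it: cleanup_cache() drops its explicit chmod of the base directory and the per-child `umask(022)` in setup_env_cache() is removed. I would put a comment above it such as `// fixed umask: cache directory modes must not depend on the caller's environment; group-write bits are added by explicit chmod`. The second half matters because with 022 in effect `mkdir( ..., 0770 )` and `mkdir( ..., 0775 )` create the directories without group write, so the chmod calls kept elsewhere in the patch are required and not redundant. The body of main() starts and ends outside this hunk.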