]> git.ipfire.org Git - thirdparty/qemu.git/commitdiff
projects / thirdparty / qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9f91022)
qemu-pr-helper: Daemonize before dropping privileges
authorMichal Privoznik <mprivozn@redhat.com>
Tue, 3 Apr 2018 13:12:14 +0000 (15:12 +0200)
committerPaolo Bonzini <pbonzini@redhat.com>
Mon, 9 Apr 2018 14:36:40 +0000 (16:36 +0200)
After we've dropped privileges it might be not possible to write
pidfile. For instance, if this binary is run as root (because
user wants it to write pidfile to some privileged location)
writing pidfile fails because privileges are dropped before we
even get to that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
scsi/qemu-pr-helper.c patch | blob | blame | history

diff --git a/scsi/qemu-pr-helper.c b/scsi/qemu-pr-helper.c
index 21e1b8ea601c1891e3ea3fec04c0e5442d7803f9..eeff80acf2953939fa7feaa955a2e87de85bbdb8 100644 (file)
--- a/scsi/qemu-pr-helper.c
+++ b/scsi/qemu-pr-helper.c
@@ -1081,13 +1081,6 @@ int main(int argc, char **argv)
                                          accept_client,
                                          NULL, NULL);
 
-#ifdef CONFIG_LIBCAP
-    if (drop_privileges() < 0) {
-        error_report("Failed to drop privileges: %s", strerror(errno));
-        exit(EXIT_FAILURE);
-    }
-#endif
-
     if (daemonize) {
         if (daemon(0, 0) < 0) {
             error_report("Failed to daemonize: %s", strerror(errno));
@@ -1096,6 +1089,13 @@ int main(int argc, char **argv)
         write_pidfile();
     }
 
+#ifdef CONFIG_LIBCAP
+    if (drop_privileges() < 0) {
+        error_report("Failed to drop privileges: %s", strerror(errno));
+        exit(EXIT_FAILURE);
+    }
+#endif
+
     state = RUNNING;
     do {
         main_loop_wait(false);
Mirror of https://git.qemu.org/git/qemu.git