From: Jim Meyering <meyering@redhat.com>
Date: Fri, 26 Feb 2010 09:42:14 +0000 (+0100)
Subject: libvirtd: do not ignore failure to set group ID in privileged mode
X-Git-Tag: v0.7.7~63
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ca954cf26ff06d2564ca88276d12f33bec4d5ef;p=thirdparty%2Flibvirt.git

libvirtd: do not ignore failure to set group ID in privileged mode

* daemon/libvirtd.c (qemudListenUnix): Diagnose and fail upon
failure to set or restore group-ID.
---

diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index cee6f13888..9bdbecb779 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -560,8 +560,10 @@ static int qemudListenUnix(struct qemud_server *server,
 
     oldgrp = getgid();
     oldmask = umask(readonly ? ~unix_sock_ro_mask : ~unix_sock_rw_mask);
-    if (server->privileged)
-        setgid(unix_sock_gid);
+    if (server->privileged && setgid(unix_sock_gid)) {
+        VIR_ERROR(_("Failed to set group ID to %d"), unix_sock_gid);
+        goto cleanup;
+    }
 
     if (bind(sock->fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
         VIR_ERROR(_("Failed to bind socket to '%s': %s"),
@@ -569,8 +571,10 @@ static int qemudListenUnix(struct qemud_server *server,
         goto cleanup;
     }
     umask(oldmask);
-    if (server->privileged)
-        setgid(oldgrp);
+    if (server->privileged && setgid(oldgrp)) {
+        VIR_ERROR(_("Failed to restore group ID to %d"), oldgrp);
+        goto cleanup;
+    }
 
     if (listen(sock->fd, 30) < 0) {
         VIR_ERROR(_("Failed to listen for connections on '%s': %s"),