aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGeorgy Borodin <bor1-go@yandex-team.ru>2023-11-10 16:31:09 +0100
committerDamjan Marion <dmarion@0xa5.net>2024-01-17 19:10:13 +0000
commitdc26d50426792954e372cb7949b94fd3eb573942 (patch)
treee814fe3de6e2ed7ad8e88909d2d688b708538ee8
parent8beddaf5b435a872b844052b506366b7a474004c (diff)
vppinfra: change fchmod to umask for unix socket
Setting g+w permission for unix sockets didn't work. There were two problems: 1. new flag local_only wasn't set for all AF_UNIX sockets; 2. fchmod is not a good choice for sockets. fchmod was replaced with couple of umasks, and local_only with socket type check. Type: fix Fixes: 085757bb4930511928daa97f972cdca021e7a813 Change-Id: I8dc0fceb110a36bfa234f552bbdf182e09e55e27 Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
-rw-r--r--src/vppinfra/socket.c31
1 files changed, 17 insertions, 14 deletions
diff --git a/src/vppinfra/socket.c b/src/vppinfra/socket.c
index b13675bc6f8..dd447abfd64 100644
--- a/src/vppinfra/socket.c
+++ b/src/vppinfra/socket.c
@@ -671,11 +671,24 @@ clib_socket_init (clib_socket_t *s)
}
#endif
- if (need_bind && bind (s->fd, sa, addr_len) < 0)
+ if (need_bind)
{
- err =
- clib_error_return_unix (0, "bind (fd %d, '%s')", s->fd, s->config);
- goto done;
+ int bind_ret;
+ if (sa->sa_family == AF_UNIX && s->allow_group_write)
+ {
+ mode_t def_restrictions = umask (S_IWOTH);
+ bind_ret = bind (s->fd, sa, addr_len);
+ umask (def_restrictions);
+ }
+ else
+ bind_ret = bind (s->fd, sa, addr_len);
+
+ if (bind_ret < 0)
+ {
+ err = clib_error_return_unix (0, "bind (fd %d, '%s')", s->fd,
+ s->config);
+ goto done;
+ }
}
if (listen (s->fd, 5) < 0)
@@ -684,16 +697,6 @@ clib_socket_init (clib_socket_t *s)
s->config);
goto done;
}
-
- if (s->local_only && s->allow_group_write)
- {
- if (fchmod (s->fd, S_IWGRP) < 0)
- {
- err = clib_error_return_unix (
- 0, "fchmod (fd %d, '%s', mode S_IWGRP)", s->fd, s->config);
- goto done;
- }
- }
}
else
{