diff options
author | Georgy Borodin <bor1-go@yandex-team.ru> | 2023-11-10 16:31:09 +0100 |
---|---|---|
committer | Damjan Marion <dmarion@0xa5.net> | 2024-01-17 19:10:13 +0000 |
commit | dc26d50426792954e372cb7949b94fd3eb573942 (patch) | |
tree | e814fe3de6e2ed7ad8e88909d2d688b708538ee8 | |
parent | 8beddaf5b435a872b844052b506366b7a474004c (diff) |
vppinfra: change fchmod to umask for unix socket
Setting g+w permission for unix sockets didn't work. There were
two problems:
1. new flag local_only wasn't set for all AF_UNIX sockets;
2. fchmod is not a good choice for sockets.
fchmod was replaced with couple of umasks, and local_only with
socket type check.
Type: fix
Fixes: 085757bb4930511928daa97f972cdca021e7a813
Change-Id: I8dc0fceb110a36bfa234f552bbdf182e09e55e27
Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
-rw-r--r-- | src/vppinfra/socket.c | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/src/vppinfra/socket.c b/src/vppinfra/socket.c index b13675bc6f8..dd447abfd64 100644 --- a/src/vppinfra/socket.c +++ b/src/vppinfra/socket.c @@ -671,11 +671,24 @@ clib_socket_init (clib_socket_t *s) } #endif - if (need_bind && bind (s->fd, sa, addr_len) < 0) + if (need_bind) { - err = - clib_error_return_unix (0, "bind (fd %d, '%s')", s->fd, s->config); - goto done; + int bind_ret; + if (sa->sa_family == AF_UNIX && s->allow_group_write) + { + mode_t def_restrictions = umask (S_IWOTH); + bind_ret = bind (s->fd, sa, addr_len); + umask (def_restrictions); + } + else + bind_ret = bind (s->fd, sa, addr_len); + + if (bind_ret < 0) + { + err = clib_error_return_unix (0, "bind (fd %d, '%s')", s->fd, + s->config); + goto done; + } } if (listen (s->fd, 5) < 0) @@ -684,16 +697,6 @@ clib_socket_init (clib_socket_t *s) s->config); goto done; } - - if (s->local_only && s->allow_group_write) - { - if (fchmod (s->fd, S_IWGRP) < 0) - { - err = clib_error_return_unix ( - 0, "fchmod (fd %d, '%s', mode S_IWGRP)", s->fd, s->config); - goto done; - } - } } else { |