From dc26d50426792954e372cb7949b94fd3eb573942 Mon Sep 17 00:00:00 2001
From: Georgy Borodin
Date: Fri, 10 Nov 2023 16:31:09 +0100
Subject: vppinfra: change fchmod to umask for unix socket
Setting g+w permission for unix sockets didn't work. There were two problems: 1. new flag local_only wasn't set for all AF_UNIX sockets; 2. fchmod is not a good choice for sockets. fchmod was replaced with couple of umasks, and local_only with socket type check.
Type: fix
Fixes: 085757bb4930511928daa97f972cdca021e7a813
Change-Id: I8dc0fceb110a36bfa234f552bbdf182e09e55e27
Signed-off-by: Georgy Borodin
---
 src/vppinfra/socket.c | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/src/vppinfra/socket.c b/src/vppinfra/socket.c
index b13675bc6f8..dd447abfd64 100644
--- a/src/vppinfra/socket.c
+++ b/src/vppinfra/socket.c
@@ -671,11 +671,24 @@ clib_socket_init (clib_socket_t *s)
 }
 #endif
- if (need_bind && bind (s->fd, sa, addr_len) < 0)
+ if (need_bind)
 {
- err =
- clib_error_return_unix (0, "bind (fd %d, '%s')", s->fd, s->config);
- goto done;
+ int bind_ret;
+ if (sa->sa_family == AF_UNIX && s->allow_group_write)
+ {
+ mode_t def_restrictions = umask (S_IWOTH);
+ bind_ret = bind (s->fd, sa, addr_len);
+ umask (def_restrictions);
+ }
+ else
+ bind_ret = bind (s->fd, sa, addr_len);
+
+ if (bind_ret < 0)
+ {
+ err = clib_error_return_unix (0, "bind (fd %d, '%s')", s->fd,
+ s->config);
+ goto done;
+ }
 }
 if (listen (s->fd, 5) < 0)
@@ -684,16 +697,6 @@ clib_socket_init (clib_socket_t *s)
 s->config);
 goto done;
 }
-
- if (s->local_only && s->allow_group_write)
- {
- if (fchmod (s->fd, S_IWGRP) < 0)
- {
- err = clib_error_return_unix (
- 0, "fchmod (fd %d, '%s', mode S_IWGRP)", s->fd, s->config);
- goto done;
- }
- }
 }
 else
 {
--
cgit 1.2.3-korg
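Review bot: The `umask (S_IWOTH)` / `umask (def_restrictions)` pair around `bind` in the first hunk changes process-wide state, so any other thread that creates a file or socket inside that window gets mask 0002 instead of the inherited one; whether other threads can already be running when clib_socket_init is called is not visible here. The temporary mask also replaces the inherited mask instead of relaxing only the group-write bit, so a process started with a stricter mask (027, as a constructed example) would bind the socket with other-read/execute bits it would otherwise have cleared. Adding `umask ((def_restrictions & ~(mode_t) S_IWGRP) | S_IWOTH);` right after the first call would keep the remaining restrictions. At minimum I would put a comment above the block, such as `/* umask is per-process, not per-thread: other threads creating files during bind() see the relaxed mask */`. The enclosing function starts and ends outside the hunk.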