[libvirt] [PATCH] libvirtd: do not ignore failure to set group ID in privileged mode

Jim Meyering jim at meyering.net
Fri Feb 26 10:49:47 UTC 2010


Coverity spotted these unchecked setgid calls:

>From 7eddaf457d54974859a8c22cced6f43e2d267746 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Fri, 26 Feb 2010 10:42:14 +0100
Subject: [PATCH] libvirtd: do not ignore failure to set group ID in privileged mode

* daemon/libvirtd.c (qemudListenUnix): Diagnose and fail upon
failure to set or restore group-ID.
---
 daemon/libvirtd.c |   12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index cee6f13..9bdbecb 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -560,8 +560,10 @@ static int qemudListenUnix(struct qemud_server *server,

     oldgrp = getgid();
     oldmask = umask(readonly ? ~unix_sock_ro_mask : ~unix_sock_rw_mask);
-    if (server->privileged)
-        setgid(unix_sock_gid);
+    if (server->privileged && setgid(unix_sock_gid)) {
+        VIR_ERROR(_("Failed to set group ID to %d"), unix_sock_gid);
+        goto cleanup;
+    }

     if (bind(sock->fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
         VIR_ERROR(_("Failed to bind socket to '%s': %s"),
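Review bot: The new diagnostic `VIR_ERROR(_("Failed to set group ID to %d"), unix_sock_gid);` does not report errno, so an operator cannot tell why setgid() was refused, while the bind message just below it carries a `%s` reason. Extending the format to `_("Failed to set group ID to %d: %s")` and passing the same errno string the bind message uses (its argument list is cut off at the hunk boundary) would keep the two consistent. The restore message in the second hunk has the same gap. `%d` also assumes the group ID fits an int: oldgrp comes from getgid() and the declaration of unix_sock_gid is outside the hunk, so an explicit cast may be needed.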
@@ -569,8 +571,10 @@ static int qemudListenUnix(struct qemud_server *server,
         goto cleanup;
     }
     umask(oldmask);
-    if (server->privileged)
-        setgid(oldgrp);
+    if (server->privileged && setgid(oldgrp)) {
+        VIR_ERROR(_("Failed to restore group ID to %d"), oldgrp);
+        goto cleanup;
+    }

     if (listen(sock->fd, 30) < 0) {
         VIR_ERROR(_("Failed to listen for connections on '%s': %s"),
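Review bot: The bind-failure `goto cleanup` at the top of this hunk is taken before `umask(oldmask);` and the new checked `setgid(oldgrp)`, so in privileged mode a failed bind still leaves the process running with group unix_sock_gid and the socket umask, unless the cleanup label restores them, which is outside the hunk. The new `goto cleanup` added in the first hunk likewise leaves the umask changed. If the caller can continue after this function fails, both values should be restored before jumping, for example `umask(oldmask);` in the failure branches plus a best-effort `setgid(oldgrp)` with its own diagnostic, or once under the cleanup label. A process that keeps an unintended group ID or file mode mask after a partial failure is the kind of state this commit is trying to rule out.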
--
1.7.0.442.g55ad1



