log: chown pidfile to current criu user

If criu run with suid bit set, user should be able to read pidfiles(i.e. service pidfile). Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
author: Ruslan Kuprieiev <kupruser@gmail.com> 2015-01-29 23:59:29 +0300
committer: Pavel Emelyanov <xemul@parallels.com> 2015-02-10 16:54:32 +0300
commit: e2c3ad37912bb4848573e3c8bbf740f166ae78fb (patch)
tree: bf7f9c8e1a81792461791fb0ac49d0742514df08
parent: 09c3f5d0c7c6ab99eb9e046a324cc85cb4613224 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/log.c b/log.c
index c6e64da9a..0a5eb58b1 100644
--- a/log.c
+++ b/log.c
@@ -17,6 +17,7 @@
 #include "util.h"
 #include "cr_options.h"
 #include "servicefd.h"
+#include "security.h"
 
 #define DEFAULT_LOGFD		STDERR_FILENO
 /* Enable timestamps if verbosity is increased from default */
@@ -191,6 +192,12 @@ int write_pidfile(int pid)
 		return -1;
 	}
 
+	if (cr_fchown(fd)) {
+		pr_perror("Can't chown pidfile %s", opts.pidfile);
+		close(fd);
+		return -1;
+	}
+
 	dprintf(fd, "%d", pid);
 	close(fd);
 	return 0;
author	Ruslan Kuprieiev <kupruser@gmail.com>	2015-01-29 23:59:29 +0300
committer	Pavel Emelyanov <xemul@parallels.com>	2015-02-10 16:54:32 +0300
commit	e2c3ad37912bb4848573e3c8bbf740f166ae78fb (patch)
tree	bf7f9c8e1a81792461791fb0ac49d0742514df08
parent	09c3f5d0c7c6ab99eb9e046a324cc85cb4613224 (diff)