Commit
91525dee856951ace940c78b6254a1c7344b4803 fixed Issue 477 but broke
"gnt-cluster info".
This commit offers a solution to both problems, by changing the permission
of the socket instead of changing the permission the confd process is run
with.
Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>
echo "@GNTMASTERUSER@:@GNTMASTERDGROUP@"
;;
confd)
- echo "@GNTCONFDUSER@:@GNTDAEMONSGROUP@"
+ echo "@GNTCONFDUSER@:@GNTCONFDGROUP@"
;;
luxid)
echo "@GNTLUXIDUSER@:@GNTLUXIDGROUP@"
import Ganeti.JSON
import Ganeti.OpParams (pTagsObject)
import Ganeti.OpCodes
+import Ganeti.Runtime
import qualified Ganeti.Query.Language as Qlang
import Ganeti.THH
import Ganeti.Types
+import Ganeti.Utils
-- * Utility functions
return Client { socket=h, rbuf=rf }
-- | Creates and returns a server endpoint.
-getServer :: FilePath -> IO S.Socket
-getServer path = do
+getServer :: Bool -> FilePath -> IO S.Socket
+getServer setOwner path = do
s <- S.socket S.AF_UNIX S.Stream S.defaultProtocol
S.bindSocket s (S.SockAddrUnix path)
+ when setOwner . setOwnerAndGroupFromNames path GanetiConfd $
+ ExtraGroup DaemonsGroup
S.listen s 5 -- 5 is the max backlog
return s
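Review bot: Nothing in `getServer` sets the socket file's mode, so after the new `setOwnerAndGroupFromNames path GanetiConfd $ ExtraGroup DaemonsGroup` call, which group members can connect still depends on the umask in force at `S.bindSocket`; that is presumably set elsewhere, but worth confirming and stating in the comment. The ownership change runs between `bindSocket` and `listen`, and if it fails, `s` appears to be left open with the path still bound, so the error path deserves a check. The Haddock line should also describe the new argument, for example `-- | Creates and returns a server endpoint; when the flag is True the socket file is given to the confd user and the daemons group.` As a style point, a bare `Bool` that selects a hard-coded confd owner is easy to misread at call sites such as `getServer True socket_path`; taking the owner and group as arguments would keep this general Luxi helper from encoding one daemon's identity.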
socket_path <- Path.defaultQuerySocket
cleanupSocket socket_path
s <- describeError "binding to the Luxi socket"
- Nothing (Just socket_path) $ getServer socket_path
+ Nothing (Just socket_path) $ getServer True socket_path
cref <- newIORef (Bad "Configuration not yet loaded")
return (socket_path, s, cref)
-- we need to create the server first, otherwise (if we do it in the
-- forked thread) the client could try to connect to it before it's
-- ready
- server <- run $ Luxi.getServer fpath
+ server <- run $ Luxi.getServer False fpath
-- fork the server responder
_ <- run . forkIO $
bracket