From: "Lukas Wagner" <l.wagner@proxmox.com>
To: "Proxmox Datacenter Manager development discussion"
	<pdm-devel@lists.proxmox.com>,
	"Stefan Hanreich" <s.hanreich@proxmox.com>
Subject: Re: [pdm-devel] [PATCH proxmox-datacenter-manager 2/3] api: privileged: fix fchownat call
Date: Tue, 12 Aug 2025 09:31:50 +0200
Message-ID: <DC09VI6OZFCX.2SQQTUTEROQ68@proxmox.com>
In-Reply-To: <20250811141847.271476-3-s.hanreich@proxmox.com>

On Mon Aug 11, 2025 at 4:18 PM CEST, Stefan Hanreich wrote:
> When starting the privileged API, the server would fail with the
> following error messages:
>
> Error: unable to set ownership for api socket '/run/proxmox-datacenter-manager/priv.sock' - EINVAL: Invalid argument
>
> chown(2) only supports the AT_SYMLINK_NOFOLLOW, not AT_SYMLINK_FOLLOW
> so this was probably an oversight. Pass empty flags to fchownat
> instead.
>
> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
> ---
>  server/src/bin/proxmox-datacenter-privileged-api.rs | 13 +++----------
>  1 file changed, 3 insertions(+), 10 deletions(-)
>
> diff --git a/server/src/bin/proxmox-datacenter-privileged-api.rs b/server/src/bin/proxmox-datacenter-privileged-api.rs
> index 66033eb..bd2c6dd 100644
> --- a/server/src/bin/proxmox-datacenter-privileged-api.rs
> +++ b/server/src/bin/proxmox-datacenter-privileged-api.rs
> @@ -161,16 +161,9 @@ async fn run() -> Result<(), Error> {
>                  format_err!("unable to set mode for api socket '{sockpath:?}' - {err}")
>              })?;
>  
> -            fchownat(
> -                None,
> -                sockpath,
> -                None,
> -                Some(api_user.gid),
> -                AtFlags::AT_SYMLINK_FOLLOW,
> -            )
> -            .map_err(|err| {
> -                format_err!("unable to set ownership for api socket '{sockpath}' - {err}")
> -            })?;
> +            fchownat(None, sockpath, None, Some(api_user.gid), AtFlags::empty()).map_err(
> +                |err| format_err!("unable to set ownership for api socket '{sockpath}' - {err}"),
> +            )?;
>  
>              log::info!("created socket, notifying readiness to systemd and starting API server");
>  
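
Review bot: In the new `fchownat(None, sockpath, None, Some(api_user.gid), AtFlags::empty())` call, empty flags mean a symlink at `sockpath` would be dereferenced, as with chown(2). Since this runs in the privileged API daemon, `AtFlags::AT_SYMLINK_NOFOLLOW` would be the more defensive choice and avoids the EINVAL just the same. If empty flags are kept, a short comment saying that the path is always the freshly created socket would explain why following is acceptable. Separately, the context line above formats the path as `{sockpath:?}` while this error message uses `{sockpath}`; using one form in both messages would keep the log output consistent.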

For what it's worth, I already sent a similar patch that was already
applied by Thomas, but I guess he did not push the changes.

My patch used AT_SYMLINK_NOFOLLOW instead of passing no flags, but since
the socket is not and probably will never be a symlink, it should not
matter.

https://lore.proxmox.com/pdm-devel/20250807123712.218439-1-l.wagner@proxmox.com/T/#t





Thread overview: 10+ messages
2025-08-11 14:18 [pdm-devel] [PATCH proxmox-datacenter-manager 0/3] fix pdm build for trixie Stefan Hanreich
2025-08-11 14:18 ` [pdm-devel] [PATCH proxmox-datacenter-manager 1/3] qemu: set with_conntrack_state when remote migrating Stefan Hanreich
2025-08-12  8:02   ` [pdm-devel] applied: " Dominik Csapak
2025-08-11 14:18 ` [pdm-devel] [PATCH proxmox-datacenter-manager 2/3] api: privileged: fix fchownat call Stefan Hanreich
2025-08-12  7:31   ` Lukas Wagner [this message]
2025-08-12  8:03     ` Dominik Csapak
2025-08-11 14:18 ` [pdm-devel] [PATCH proxmox-datacenter-manager 3/3] lxc: qemu: set new status properties Stefan Hanreich
2025-08-12  8:02   ` [pdm-devel] applied: " Dominik Csapak
2025-08-12  7:08 ` [pdm-devel] [PATCH proxmox-datacenter-manager 0/3] fix pdm build for trixie Dominik Csapak
2025-08-12  7:32   ` Lukas Wagner
