* [pdm-devel] [PATCH proxmox-datacenter-manager] privileged api daemon: call fchownat with AT_SYMLINK_NOFOLLOW
@ 2025-08-07 12:37 Lukas Wagner
2025-08-08 13:01 ` [pdm-devel] applied: " Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Lukas Wagner @ 2025-08-07 12:37 UTC (permalink / raw)
To: pdm-devel
AT_SYMLINK_FOLLOW makes the fchownat call fail with EINVAL, which
prevents daemon startup alltogether. The only supported flag for
fchownat is AT_SYMLINK_NOFOLLOW [1]. If one would actually would want to
follow a symlink here one would have to pass no flag at all.
The socket path which is fchownat'd here should not be a symlink at all,
so the safer option should be to pass AT_SYMLINK_NOFOLLOW.
[1] https://linux.die.net/man/2/fchownat
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
---
server/src/bin/proxmox-datacenter-privileged-api.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/src/bin/proxmox-datacenter-privileged-api.rs b/server/src/bin/proxmox-datacenter-privileged-api.rs
index b62f4ea2..bcab882f 100644
--- a/server/src/bin/proxmox-datacenter-privileged-api.rs
+++ b/server/src/bin/proxmox-datacenter-privileged-api.rs
@@ -166,7 +166,7 @@ async fn run() -> Result<(), Error> {
sockpath,
None,
Some(api_user.gid),
- AtFlags::AT_SYMLINK_FOLLOW,
+ AtFlags::AT_SYMLINK_NOFOLLOW,
)
.map_err(|err| {
format_err!("unable to set ownership for api socket '{sockpath}' - {err}")
--
2.47.2
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pdm-devel] applied: [PATCH proxmox-datacenter-manager] privileged api daemon: call fchownat with AT_SYMLINK_NOFOLLOW
2025-08-07 12:37 [pdm-devel] [PATCH proxmox-datacenter-manager] privileged api daemon: call fchownat with AT_SYMLINK_NOFOLLOW Lukas Wagner
@ 2025-08-08 13:01 ` Thomas Lamprecht
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2025-08-08 13:01 UTC (permalink / raw)
To: pdm-devel, Lukas Wagner
On Thu, 07 Aug 2025 14:37:12 +0200, Lukas Wagner wrote:
> AT_SYMLINK_FOLLOW makes the fchownat call fail with EINVAL, which
> prevents daemon startup alltogether. The only supported flag for
> fchownat is AT_SYMLINK_NOFOLLOW [1]. If one would actually would want to
> follow a symlink here one would have to pass no flag at all.
>
> The socket path which is fchownat'd here should not be a symlink at all,
> so the safer option should be to pass AT_SYMLINK_NOFOLLOW.
>
> [...]
Applied, thanks!
[1/1] privileged api daemon: call fchownat with AT_SYMLINK_NOFOLLOW
commit: cc9bc95e2da6bfbf3930627ebf6dc5427beea75b
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-08-08 13:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-08-07 12:37 [pdm-devel] [PATCH proxmox-datacenter-manager] privileged api daemon: call fchownat with AT_SYMLINK_NOFOLLOW Lukas Wagner
2025-08-08 13:01 ` [pdm-devel] applied: " Thomas Lamprecht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox