From patchwork Mon Nov 9 20:43:13 2015
X-Patchwork-Submitter: Andy Zhou
X-Patchwork-Id: 541995
From: Andy Zhou
To: dev@openvswitch.org
Date: Mon, 9 Nov 2015 12:43:13 -0800
Subject: [ovs-dev] [additional --user changes v2 3/3] lib: allow group access to Unix domain sockets
Message-Id: <1447101793-13804-3-git-send-email-azhou@nicira.com>
In-Reply-To: <1447101793-13804-1-git-send-email-azhou@nicira.com>
References: <1447101793-13804-1-git-send-email-azhou@nicira.com>

By default, Unix domain sockets are created with a file system permission mode of 0700. This means that only processes that run under the same user can access this socket. For OVS, it may be more convenient to control access at the group level rather than at the user level, since other processes need to access OVSDB and UNIXCTL sockets while running under different users. This patch changes Unix domain sockets' file system permission to 0770, to grant group access. It has not been an issue in the past since OVS, until very recently, had to run as root. If a process needed to access OVSDB or UNIXCTL sockets, it had to be a root process as well.
With the added --user option to OVS daemons and this change, system administrators can deploy OVS more securely: OVS daemons can run as a non-root user. Various processes that need to talk to OVS do not have to run as root processes anymore.

Signed-off-by: Andy Zhou
---
v1->v2: Move the permission change from make_unix_socket() to bind_unix_socket().
---
 lib/socket-util-unix.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/socket-util-unix.c b/lib/socket-util-unix.c index afab195..32f966d 100644 --- a/lib/socket-util-unix.c +++ b/lib/socket-util-unix.c @@ -259,10 +259,10 @@ free_sockaddr_un(int dirfd, const char *linkname) } /* Binds Unix domain socket 'fd' to a file with permissions 0700. */ -static int -bind_unix_socket(int fd, struct sockaddr *sun, socklen_t sun_len) +static int bind_unix_socket(int fd, struct sockaddr *sun, socklen_t sun_len) { - const mode_t mode = 0700; + const mode_t mode = 0770; /* Allow both user and group access. */ + if (LINUX) { /* On Linux, the fd's permissions become the file's permissions. * fchmod() does not affect other files, like umask() does. */
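Review bot: the function comment kept as context at the top of the hunk still says "Binds Unix domain socket 'fd' to a file with permissions 0700." while the hunk changes the line below it to `const mode_t mode = 0770;`; update that comment in the same change so it does not go stale. The reflow of `-static int` / `-bind_unix_socket(...)` into a single `+static int bind_unix_socket(...)` line and the added blank line are unrelated whitespace changes not mentioned in the commit message, and the removed lines show the file's style of putting the return type on its own line, so consider dropping them. Since 0770 lets every member of the socket's group connect, the commit message should also state which group that is (the group the daemon ends up in after --user), as that is now the effective access boundary for OVSDB and UNIXCTL.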
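As an added example (not OVS code and not part of the patch), the helper below does in self-contained form what bind_unix_socket() above does: it asks for a permission mode on the socket fd before bind(), then verifies on the path that the bits are what was requested and corrects them if the umask (which the hunk's comment alludes to) or a non-Linux kernel narrowed them. The function name bind_unix_socket_mode() and its final_mode out-parameter are assumptions of this example.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Creates and binds a Unix domain socket at 'path' so that its permission
 * bits end up exactly 'mode' (0770: user and group, 0700: user only).
 * Returns the bound fd, or -1 with errno set; on success '*final_mode'
 * receives the bits actually observed on the socket file. */
int bind_unix_socket_mode(const char *path, mode_t mode, mode_t *final_mode)
{
    struct sockaddr_un sun;
    struct stat st;
    int fd, saved;

    if (strlen(path) >= sizeof sun.sun_path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(&sun, 0, sizeof sun);
    sun.sun_family = AF_UNIX;
    strcpy(sun.sun_path, path);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) {
        return -1;
    }
    /* On Linux the fd's mode seeds the mode of the file bind() creates, still
     * masked by the umask; other kernels may reject fchmod() on a socket. */
    (void) fchmod(fd, mode);
    if (bind(fd, (struct sockaddr *) &sun, sizeof sun) < 0) {
        goto fail;
    }
    /* The umask or a non-Linux kernel may have narrowed the bits: set them
     * explicitly on the path. Before chmod() the file is only ever stricter
     * than 'mode', unless fchmod() failed under a permissive umask. */
    if (stat(path, &st) < 0
        || ((st.st_mode & 0777) != mode
            && (chmod(path, mode) < 0 || stat(path, &st) < 0))) {
        unlink(path);
        goto fail;
    }
    *final_mode = st.st_mode & 0777;
    return fd;
fail:
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}
```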