On Wed, Feb 16, 2011 at 01:29:16PM +0100, Ronny Lindner wrote: > Package: ganeti2 > Version: 2.1.6-1 > Severity: critical > Tags: patch upstream > Justification: breaks unrelated software > > > The command "gnt-node add" changes the permissions of /var/lock to > "d-wxrwS--t" > (3661 octal, 1777 decimal!). Other programs are not able to create a lockfile > anymore. That was tested with logcheck, which did not work after adding a > ganeti node. > > The fix is really simple: there are 3 occurences of 1777 in > /usr/sbin/ganeti-confd and /usr/sbin/ganeti-noded . They must be changed to > 01777 .
Thanks for the fix. Will prepare a package and sent for stable update.
On Wed, Feb 16, 2011 at 02:54:39PM +0100, Ronny Lindner wrote:
> I attached another patch against the source package of ganeti.
>
> Cu, Ronny
> --- daemons/ensure-dirs.in 2011-02-16 14:27:07.000000000 +0100
> +++ daemons/ensure-dirs.in.new 2011-02-16 14:42:37.000000000 +0100
> @@ -138,7 +138,7 @@
> }
>
> _ensure_lockdir() {
> - _ensure_dir ${LOCKDIR} 1777 ""
> + _ensure_dir ${LOCKDIR} 01777 ""
Actually, this is wrong. _ensure_dir uses chown, and chown always uses
octal (“A numeric mode is from one to four octal digits (0-7)”); so
5 digits is wrong…
Speaking as upstream, will review the rest of the code to make sure we
don't have this issue in other places. And sorry for this bug!
thanks,
iustin
signature.asc
Description: Digital signature
