[PATCH] ctdb: fix restarting ctdb in selinux environments

Michael Adam obnox at samba.org
Tue Oct 27 10:15:13 UTC 2015


Hi,

The read only tracking dbs are opened with perms 0000 by ctdb.
This is prevented by selinux which seems to be more strict than
pure unix.

I could not find a reason for this special mode instead of, e.g.
0600, so attached find a patch that sets these dbs to 0600 just
like the other internal tdbs.

Review/comments/push appreciated.

Thanks - Michael

-------------- next part --------------
From 3d5740c65846a32f95a2a4efc765760a6a492fcd Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Tue, 27 Oct 2015 10:20:31 +0100
Subject: [PATCH] ctdb: open the RO tracking db with perms 0600 instead of 0000

While 0000 is possible from the UNIX/POSIX point of view,
these permissions create problems in an environment with
selinux enabled, which is more strict.

This aligns the perms of the read only tracking db with other
internal dbs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11577

Signed-off-by: Michael Adam <obnox at samba.org>
---
 ctdb/server/ctdb_ltdb_server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ctdb/server/ctdb_ltdb_server.c b/ctdb/server/ctdb_ltdb_server.c
index 93e9041..3386bba 100644
--- a/ctdb/server/ctdb_ltdb_server.c
+++ b/ctdb/server/ctdb_ltdb_server.c
@@ -721,7 +721,7 @@ int ctdb_set_db_readonly(struct ctdb_context *ctdb, struct ctdb_db_context *ctdb
 	ctdb_db->rottdb = tdb_open(ropath, 
 			      ctdb->tunable.database_hash_size, 
 			      TDB_NOLOCK|TDB_CLEAR_IF_FIRST|TDB_NOSYNC,
-			      O_CREAT|O_RDWR, 0);
+			      O_CREAT|O_RDWR, 0600);
 	if (ctdb_db->rottdb == NULL) {
 		DEBUG(DEBUG_CRIT,("Failed to open/create the tracking database '%s'\n", ropath));
 		talloc_free(ropath);
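Review bot: The 0600 passed in the `O_CREAT|O_RDWR, 0600` argument pair only applies when the file is actually created, so a tracking database left on disk by an earlier run with mode 0000 will keep those permissions. Assuming tdb_open() passes the mode straight through to open(2), the first restart after upgrading could still be denied under SELinux. Either say in the commit message that stale tracking files must be removed, or correct the permissions on an existing file at ropath before opening it. Separately, the DEBUG_CRIT message in the failure branch reports only the path; adding the errno text there would make a permission denial distinguishable from other open failures in the logs.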
-- 
2.4.3
