Bug#613648: ganeti2: Wrong permissions for /var/lock after "gnt-node add"

Wed, 16 Feb 2011 05:17:32 -0800 

Package: ganeti2
Version: 2.1.6-1
Severity: critical
Tags: patch upstream
Justification: breaks unrelated software


The command "gnt-node add" changes the permissions of /var/lock to "d-wxrwS--t"
(3661 octal, 1777 decimal!). Other programs are not able to create a lockfile
anymore. That was tested with logcheck, which did not work after adding a
ganeti node.

The fix is really simple: there are 3 occurences of 1777 in
/usr/sbin/ganeti-confd and /usr/sbin/ganeti-noded . They must be changed to
01777 .

-- System Information:
Debian Release: 6.0
  APT prefers squeeze-updates
  APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/24 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ganeti2 depends on:
ii  bridge-utils            1.4-5            Utilities for configuring the Linu
ii  iproute                 20100519-3       networking and traffic control too
ii  iputils-arping          3:20100418-3     Tool to send ICMP echo requests to
ii  libjs-jquery            1.4.2-2          JavaScript library for dynamic web
ii  lvm2                    2.02.66-5        The Linux Logical Volume Manager
ii  openssh-client          1:5.5p1-6        secure shell (SSH) client, for sec
ii  openssh-server          1:5.5p1-6        secure shell (SSH) server, for sec
ii  openssl                 0.9.8o-4         Secure Socket Layer (SSL) binary a
ii  python                  2.6.6-3+squeeze5 interactive high-level object-orie
ii  python-openssl          0.10-1           Python wrapper around the OpenSSL 
ii  python-pyinotify        0.8.9-1          simple Linux inotify Python bindin
ii  python-pyparsing        1.5.2-2          Python parsing module
ii  python-simplejson       2.1.1-1          simple, fast, extensible JSON enco
ii  python-support          1.0.10           automated rebuilding support for P
ii  socat                   1.7.1.3-1        multipurpose relay for bidirection

Versions of packages ganeti2 recommends:
ii  drbd8-utils                2:8.3.7-2.1   RAID 1 over tcp/ip for Linux utili
ii  ganeti-instance-debootstra 0.9-3         debootstrap-based instance OS defi
ii  qemu-kvm                   0.12.5+dfsg-5 Full virtualization on x86 hardwar

Versions of packages ganeti2 suggests:
pn  drbd8-module-source           <none>     (no description available)

-- no debconf information

diff -u /usr/sbin/ganeti-confd /usr/sbin/ganeti-confd.new
--- /usr/sbin/ganeti-confd	2011-02-16 13:18:03.000000000 +0100
+++ /usr/sbin/ganeti-confd.new	2011-02-16 13:17:50.000000000 +0100
@@ -288,7 +288,7 @@
                         constants.RELEASE_VERSION)
 
   dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS]
-  dirs.append((constants.LOCK_DIR, 1777))
+  dirs.append((constants.LOCK_DIR, 01777))
   daemon.GenericMain(constants.CONFD, parser, dirs, CheckConfd, ExecConfd)
 
 
diff -u /usr/sbin/ganeti-noded /usr/sbin/ganeti-noded.new
--- /usr/sbin/ganeti-noded	2011-02-16 13:17:58.000000000 +0100
+++ /usr/sbin/ganeti-noded.new	2011-02-16 13:17:50.000000000 +0100
@@ -893,7 +893,7 @@
 
   dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS]
   dirs.append((constants.LOG_OS_DIR, 0750))
-  dirs.append((constants.LOCK_DIR, 1777))
+  dirs.append((constants.LOCK_DIR, 01777))
   daemon.GenericMain(constants.NODED, parser, dirs, CheckNoded, ExecNoded,
                      console_logging=True)

Reply via email to