fix log appending to any file

With the capabilities, the open of the log file can be done on any file, making possible to modifify the content of the file. Let's drop the privilege when opening the file, so we ensure that is no longer possible. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

fix log appending to any file
28f602ff · Daniel Lezcano · 05cda563 · 28f602ff
Commit 28f602ff authored Jul 20, 2010 by Daniel Lezcano
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

log.c src/lxc/log.c +4 -2

No files found.
--- a/src/lxc/log.c
+++ b/src/lxc/log.c
@@ -33,7 +33,8 @@
 #include <fcntl.h>
 #include <stdlib.h>

-#include <lxc/log.h>
+#include "log.h"
+#include "caps.h"

 #define LXC_LOG_PREFIX_SIZE	32
 #define LXC_LOG_BUFFER_SIZE	512
@@ -127,7 +128,8 @@ static int log_open(const char *name)
 	int fd;
 	int newfd;

-	fd = open(name, O_CREAT | O_WRONLY | O_APPEND | O_CLOEXEC, 0666);
+	fd = lxc_unpriv(open(name, O_CREAT | O_WRONLY |
+			     O_APPEND | O_CLOEXEC, 0666));
 	if (fd == -1) {
 		ERROR("failed to open log file \"%s\" : %s", name,
 		      strerror(errno));