dovecot-2.2: stats: Workaround opening /proc/self/io in processe...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.2/rev/7acfc7b1b8f4
changeset: 17051:7acfc7b1b8f4
user:      Timo Sirainen <tss at iki.fi>
date:      Sun Dec 08 23:26:40 2013 +0200
description:
stats: Workaround opening /proc/self/io in processes that have only temporarily dropped root privileges.

diffstat:

 src/plugins/stats/stats-plugin.c |  35 ++++++++++++++++++++++++++---------
 1 files changed, 26 insertions(+), 9 deletions(-)

diffs (46 lines):

diff -r 78b34eb7c6c5 -r 7acfc7b1b8f4 src/plugins/stats/stats-plugin.c
--- a/src/plugins/stats/stats-plugin.c	Sun Dec 08 23:04:18 2013 +0200
+++ b/src/plugins/stats/stats-plugin.c	Sun Dec 08 23:26:40 2013 +0200
@@ -119,16 +119,33 @@
 
 static int process_io_open(void)
 {
+	uid_t uid;
+
+	if (proc_io_fd != -1)
+		return proc_io_fd;
+
+	if (proc_io_disabled)
+		return -1;
+	proc_io_fd = open(PROC_IO_PATH, O_RDONLY);
+	if (proc_io_fd == -1 && errno == EACCES) {
+		/* kludge: if we're running with permissions temporarily
+		   dropped, get them temporarily back so we can open
+		   /proc/self/io. */
+		uid = geteuid();
+		if (seteuid(0) == 0) {
+			proc_io_fd = open(PROC_IO_PATH, O_RDONLY);
+			if (seteuid(uid) < 0) {
+				/* oops, this is bad */
+				i_fatal("stats: seteuid(%s) failed", dec2str(uid));
+			}
+		}
+		errno = EACCES;
+	}
 	if (proc_io_fd == -1) {
-		if (proc_io_disabled)
-			return -1;
-		proc_io_fd = open(PROC_IO_PATH, O_RDONLY);
-		if (proc_io_fd == -1) {
-			if (errno != ENOENT)
-				i_error("open(%s) failed: %m", PROC_IO_PATH);
-			proc_io_disabled = TRUE;
-			return -1;
-		}
+		if (errno != ENOENT)
+			i_error("open(%s) failed: %m", PROC_IO_PATH);
+		proc_io_disabled = TRUE;
+		return -1;
 	}
 	return proc_io_fd;
 }