From d4caed28490b1480b29191c9d4c875a0f41175bd Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Thu, 14 Jun 2012 16:52:28 -0700 Subject: [PATCH] PR14244: Assert that the real UID has access to debugfs Some systems are now defaulting debugfs to mode 0700. If the user has no access to debugfs, then they won't be able to communicate with the systemtap module. Thus, this should be a non-starter, before even loading the module at all. This was previously causing staprun to fail after loading the module, when it checked R/W access to the module's .ctl file. But since we also restrict removing modules to those you can control, staprun would not unload the new module either. --- runtime/staprun/staprun_funcs.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c index 119097c0c..d0c27d4ff 100644 --- a/runtime/staprun/staprun_funcs.c +++ b/runtime/staprun/staprun_funcs.c @@ -311,6 +311,18 @@ rename_module(void* module_file, const __off_t st_size) #endif } +static int +access_debugfs(void) +{ + /* We need to make sure that debugfs is accessible by the real UID, or + * else we won't be able to reach the .ctl path within. (PR14244) */ + int rc = access(DEBUGFSDIR, X_OK); + if (rc < 0) + err("ERROR: no access to debugfs; try \"chmod 0755 %s\" as root\n", + DEBUGFSDIR); + return rc; +} + int mountfs(void) { struct stat sb; @@ -320,7 +332,7 @@ int mountfs(void) /* If the debugfs dir is already mounted correctly, we're done. */ if (statfs(DEBUGFSDIR, &st) == 0 && (int) st.f_type == (int) DEBUGFS_MAGIC) - return 0; + return access_debugfs(); /* If DEBUGFSDIR exists (and is a directory), try to mount * DEBUGFSDIR. */ @@ -329,7 +341,7 @@ int mountfs(void) /* If we can mount the debugfs dir correctly, we're done. */ rc = mount ("debugfs", DEBUGFSDIR, "debugfs", 0, NULL); if (rc == 0) - return 0; + return access_debugfs(); /* If we got ENODEV, that means that debugfs isn't * supported, so we'll need try try relayfs. If we * didn't get ENODEV, we got a real error. */ -- 2.43.5