libvirtd: do not ignore failure to set group ID in privileged mode

* daemon/libvirtd.c (qemudListenUnix): Diagnose and fail upon
failure to set or restore group-ID.

diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index cee6f13888dfde1977ddc63f809bff12a06b7e76..9bdbecb779fb477e10b84d45e9f72f04ee2e31df 100644 (file)
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -560,8 +560,10 @@ static int qemudListenUnix(struct qemud_server *server,
 
     oldgrp = getgid();
     oldmask = umask(readonly ? ~unix_sock_ro_mask : ~unix_sock_rw_mask);
-    if (server->privileged)
-        setgid(unix_sock_gid);
+    if (server->privileged && setgid(unix_sock_gid)) {
+        VIR_ERROR(_("Failed to set group ID to %d"), unix_sock_gid);
+        goto cleanup;
+    }
 
     if (bind(sock->fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
         VIR_ERROR(_("Failed to bind socket to '%s': %s"),
@@ -569,8 +571,10 @@ static int qemudListenUnix(struct qemud_server *server,
         goto cleanup;
     }
     umask(oldmask);
-    if (server->privileged)
-        setgid(oldgrp);
+    if (server->privileged && setgid(oldgrp)) {
+        VIR_ERROR(_("Failed to restore group ID to %d"), oldgrp);
+        goto cleanup;
+    }
 
     if (listen(sock->fd, 30) < 0) {
         VIR_ERROR(_("Failed to listen for connections on '%s': %s"),