From 700fb2b27eccf16c61bfee26aa555d4e77267306 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ferenc=20W=C3=A1gner?= <wferi@debian.org>
Date: Thu, 18 Apr 2019 13:20:38 +0200
Subject: [PATCH] Allow group access to the IPC directory

And don't abort if we aren't permitted to chown() it.  The client might
still have the privileges to enter it.
---
 lib/ipc_setup.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/ipc_setup.c b/lib/ipc_setup.c
index 1ef53b9..464de07 100644
--- a/lib/ipc_setup.c
+++ b/lib/ipc_setup.c
@@ -660,11 +660,12 @@ handle_new_connection(struct qb_ipcs_service *s,
 		res = -errno;
 		goto send_response;
 	}
-	res = chown(c->description, c->auth.uid, c->auth.gid);
-	if (res != 0) {
+	if (chmod(c->description, 0770)) {
 		res = -errno;
 		goto send_response;
 	}
+	/* chown can fail because we might not be root */
+	(void)chown(c->description, c->auth.uid, c->auth.gid);
 
 	/* We can't pass just a directory spec to the clients */
 	strncat(c->description,"/qb", CONNECTION_DESCRIPTION);