From: Casey Bodley <cbodley@redhat.com>
Date: Fri, 17 Apr 2020 14:50:55 +0000 (-0400)
Subject: rgw: use DEFER_DROP_PRIVILEGES flag unconditionally
X-Git-Tag: wip-pdonnell-testing-20200918.022351~1478^2~1
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=a9d9158233135d43f8c79ea86569f5d8f496d180;p=ceph-ci.git

rgw: use DEFER_DROP_PRIVILEGES flag unconditionally

this flag doesn't take effect unless its set before global_init()

Fixes: https://tracker.ceph.com/issues/44661

Signed-off-by: Casey Bodley <cbodley@redhat.com>
---

diff --git a/src/rgw/rgw_main.cc b/src/rgw/rgw_main.cc
index f9fd8bbb270..e50b5a7161a 100644
--- a/src/rgw/rgw_main.cc
+++ b/src/rgw/rgw_main.cc
@@ -203,6 +203,10 @@ int radosgw_Main(int argc, const char **argv)
   }
 
   int flags = CINIT_FLAG_UNPRIVILEGED_DAEMON_DEFAULTS;
+  // Prevent global_init() from dropping permissions until frontends can bind
+  // privileged ports
+  flags |= CINIT_FLAG_DEFER_DROP_PRIVILEGES;
+
   auto cct = global_init(&defaults, args, CEPH_ENTITY_TYPE_CLIENT,
 			 CODE_ENVIRONMENT_DAEMON,
 			 flags, "rgw_data");
@@ -221,9 +225,6 @@ int radosgw_Main(int argc, const char **argv)
     string& f = *iter;
 
     if (f.find("civetweb") != string::npos || f.find("beast") != string::npos) {
-      // If civetweb or beast is configured as a frontend, prevent global_init() from
-      // dropping permissions by setting the appropriate flag.
-      flags |= CINIT_FLAG_DEFER_DROP_PRIVILEGES;
       if (f.find("port") != string::npos) {
         // check for the most common ws problems
         if ((f.find("port=") == string::npos) ||