ctdb: open the RO tracking db with perms 0600 instead of 0000
author Michael Adam <obnox@samba.org>
Tue, 27 Oct 2015 09:20:31 +0000 (10:20 +0100)
committer Amitay Isaacs <amitay@samba.org>
Wed, 28 Oct 2015 05:13:09 +0000 (06:13 +0100)
While 0000 is possible from the UNIX/POSIX point of view,
these permissions create problems in an environment with
selinux enabled, which is more strict.

This aligns the perms of the read only tracking db with other
internal dbs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11577

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Oct 28 06:13:09 CET 2015 on sn-devel-104

ctdb/server/ctdb_ltdb_server.c

index 93e90413d0aeba37933e6feec54cc89b4891ceba..3386bba2c3e482241fc12e66baa1ea05f4b672e2 100644 (file)
@@ -721,7 +721,7 @@ int ctdb_set_db_readonly(struct ctdb_context *ctdb, struct ctdb_db_context *ctdb
        ctdb_db->rottdb = tdb_open(ropath, 
                              ctdb->tunable.database_hash_size, 
                              TDB_NOLOCK|TDB_CLEAR_IF_FIRST|TDB_NOSYNC,
-                             O_CREAT|O_RDWR, 0);
+                             O_CREAT|O_RDWR, 0600);
        if (ctdb_db->rottdb == NULL) {
                DEBUG(DEBUG_CRIT,("Failed to open/create the tracking database '%s'\n", ropath));
                talloc_free(ropath);
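
Review bot: the 0600 mode passed to tdb_open() only takes effect when O_CREAT actually creates the file, so a tracking db already present at ropath from an earlier run keeps its old 0000 mode and this change would not help it. If ropath can persist across restarts, consider removing the stale file before the open or correcting its mode afterwards. The mode is also filtered by the process umask, which is harmless for 0600 but worth keeping in mind if it is widened later. Separately, the DEBUG_CRIT message in the failure branch does not report errno; including strerror(errno) would let an administrator tell a permission denial apart from other open failures.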