From 7e5d3d15e71ea55881ca6cec5dce73d2ad1f2f04 Mon Sep 17 00:00:00 2001
From: Danny Auble <da@schedmd.com>
Date: Mon, 24 Jul 2017 14:10:49 -0600
Subject: [PATCH] Continuation of e5c055496571.

Get rid of any race conditions and call anything that was in
_pre_task_privileged from the parent instead of the child.

NOTE: This should be safe as we don't execute the task until after
_exec_wait_child_wait_for_parent is signaled which happens after all this is
long over.
---
 src/slurmd/slurmstepd/mgr.c | 28 ++++++----------------------
 1 file changed, 6 insertions(+), 22 deletions(-)

diff --git a/src/slurmd/slurmstepd/mgr.c b/src/slurmd/slurmstepd/mgr.c
index f50f2ac6299..7b3fac748c3 100644
--- a/src/slurmd/slurmstepd/mgr.c
+++ b/src/slurmd/slurmstepd/mgr.c
@@ -1403,19 +1403,6 @@ fail1:
 	return(rc);
 }
 
-static int
-_pre_task_privileged(stepd_step_rec_t *job, int taskid, struct priv_state *sp)
-{
-	if (_reclaim_privileges(sp) < 0)
-		return SLURM_ERROR;
-
-	if (spank_task_privileged (job, taskid) < 0)
-		return error("spank_task_init_privileged failed");
-
-	/* sp->gid_list should already be initialized */
-	return(_drop_privileges (job, true, sp, false));
-}
-
 struct exec_wait_info {
 	int id;
 	pid_t pid;
@@ -1725,15 +1712,6 @@ _fork_all_tasks(stepd_step_rec_t *job, bool *io_initialized)
 			if (conf->propagate_prio)
 				_set_prio_process(job);
 
-			/*
-			 *  Reclaim privileges and call any plugin hooks
-			 *  that may require elevated privs
-			 *  sprivs.gid_list is already set from the
-			 *  _drop_privileges call above, no not reinitialize.
-			 */
-			if (_pre_task_privileged(job, i, &sprivs) < 0)
-				exit(1);
-
  			if (_become_user(job, &sprivs) < 0) {
  				error("_become_user failed: %m");
 				/* child process, should not return */
@@ -1819,6 +1797,12 @@ _fork_all_tasks(stepd_step_rec_t *job, bool *io_initialized)
 			      i, job->task[i]->pid, job->pgid);
 		}
 
+		if (spank_task_privileged(job, i) < 0) {
+			error("spank_task_privileged: %m");
+			rc = SLURM_ERROR;
+			goto fail2;
+		}
+
 		if (task_g_pre_launch_priv(job, job->task[i]->pid) < 0) {
 			error("task_g_pre_launch_priv: %m");
 			rc = SLURM_ERROR;
-- 
GitLab