Fix: do not rely on DAC_OVERRIDE capability on Linux despite being root
It turns out, for example, that SELinux will prevent this capability
for confined processes running as root. It then means that sbd cannot
access, as a client, files used for joining two local communication sides
within libqb-arranged IPC mechanism in case those files do not have
permissions to explicitly allow file-based access with credentials
of this client -- which is exactly what happens when the IPC servers
are pacemaker daemons not run as root on their own.
Solution is two-phased:
- have sbd add respective non-privileged group corresponding to the server side of the IPC -- this patch
- ensure this server side (pacemaker) does allow group-derived access (i.e., the access permissions for group are as relaxed as needed, umask notwithstanding) -- outside of the sbd's scope
Signed-off-by: Jan Pokorný <jpokorny@redhat.com>