From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1636666010.bf6fdfd10493e1d4b51195cc9daa4a7093402c4f.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: /
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: Makefile
X-VCS-Directories: /
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: bf6fdfd10493e1d4b51195cc9daa4a7093402c4f
X-VCS-Branch: master
Date: Thu, 11 Nov 2021 21:27:36 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 1a735acd-6348-463f-af6d-f7405dbceb4a
X-Archives-Hash: 439621e8ad0b3978c664d5ee10ce9f3b

commit:     bf6fdfd10493e1d4b51195cc9daa4a7093402c4f
Author:     Christian Göttsche <cgzones <AT> googlemail <DOT> com>
AuthorDate: Fri Nov 5 13:32:30 2021 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Nov 11 21:26:50 2021 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bf6fdfd1

Ignore umask on when installing headers

Use install(1) with explicit permission to create directories and files.
In case umask(2) is set too strict the installed files will otherwise
not be readable by unprivileged users.

Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 Makefile | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile index ba346a27..53af1468 100644 --- a/Makefile 
+++ b/Makefile @@ -534,17 +534,19 @@ $(appdir)/%: $(appconf)/% # Install policy headers # install-headers: $(layerxml) $(tunxml) $(boolxml) $(gentooxml) - @mkdir -p $(headerdir) + $(verbose) $(INSTALL) -d -m 755 $(headerdir) @echo "Installing $(NAME) policy headers." $(verbose) $(INSTALL) -m 644 $^ $(headerdir) - $(verbose) mkdir -p $(headerdir)/support + $(verbose) $(INSTALL) -d -m 755 $(headerdir)/support $(verbose) $(INSTALL) -m 644 $(m4support) $(xmldtd) $(headerdir)/support $(verbose) $(INSTALL) -m 755 $(word $(words $(genxml)),$(genxml)) $(headerdir)/support + $(verbose) $(INSTALL) -m 644 /dev/null $(headerdir)/support/all_perms.spt $(verbose) $(genperm) $(avs) $(secclass) > $(headerdir)/support/all_perms.spt $(verbose) for i in $(notdir $(all_layers)); do \ - mkdir -p $(headerdir)/$$i ;\ + $(INSTALL) -d -m 755 $(headerdir)/$$i ;\ $(INSTALL) -m 644 $(moddir)/$$i/*.if $(headerdir)/$$i ;\ done + $(verbose) $(INSTALL) -m 644 /dev/null $(headerdir)/build.conf $(verbose) echo "TYPE ?= $(TYPE)" > $(headerdir)/build.conf $(verbose) echo "NAME ?= $(NAME)" >> $(headerdir)/build.conf ifneq "$(DISTRO)" ""
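
Review bot: The two added `$(INSTALL) -m 644 /dev/null ...` lines (before the `$(genperm) ... > $(headerdir)/support/all_perms.spt` redirect and before the first `echo ... > $(headerdir)/build.conf`) only work because a shell `>` redirect onto an already existing file truncates it and keeps its mode, so the ordering is load-bearing but nothing in the Makefile says so. A short comment above each, for example "# pre-create with mode 644 so the redirect below does not depend on umask", would keep a later cleanup from dropping them as redundant. It is also worth confirming that every `$(INSTALL)` this build supports accepts `/dev/null` as a source and produces an empty regular file. Separately, the loop over `$(notdir $(all_layers))` still joins its two commands with `;\`, so a failing `$(INSTALL) -d -m 755 $(headerdir)/$$i` or a failed copy in any iteration but the last does not fail the recipe; since the line is being touched anyway, chaining with `&&` and adding `|| exit 1` would make a partial header install visible.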