From: "Robin H. Johnson"
To: gentoo-commits@lists.gentoo.org
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Robin H. Johnson"
Message-ID: <426b94bd696933a72d8623fa1325b3562096957d.robbat2@gentoo>
Subject: [gentoo-commits] proj/openrc:master commit in: src/rc/
X-VCS-Repository: proj/openrc
X-VCS-Files: src/rc/checkpath.c
X-VCS-Directories: src/rc/
X-VCS-Committer: robbat2
X-VCS-Committer-Name: Robin H. Johnson
X-VCS-Revision: 426b94bd696933a72d8623fa1325b3562096957d
Date: Mon, 23 Jan 2012 10:27:11 +0000 (UTC)
Content-Transfer-Encoding: quoted-printable

commit:     426b94bd696933a72d8623fa1325b3562096957d
Author:     Robin H. Johnson gentoo org>
AuthorDate: Mon Jan 23 10:26:58 2012 +0000
Commit:     Robin H. Johnson gentoo org>
CommitDate: Mon Jan 23 10:26:58 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=426b94bd

Per the systemd tmpfiles implementation, we need to watch out for umask
during initial creation of files as well as potentially changing
permissions later. Also do not abort if the items exist already, per
truncate rules in tmpfiles.

Signed-off-by: Robin H. Johnson gentoo.org>
---
 src/rc/checkpath.c | 22 +++++++++++++++++++---
 1 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c index 86623d9..b0914f3 100644 --- a/src/rc/checkpath.c +++ b/src/rc/checkpath.c
@@ -55,11 +55,17 @@ typedef enum { =20 extern const char *applet; =20 +/* TODO: SELinux + * This needs a LOT of SELinux loving + * See systemd's src/label.c:label_mkdir + */ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bo= ol trunc) { struct stat st; int fd, flags; + int r; + int u; =20 if (stat(path, &st) || trunc) { if (type =3D=3D inode_file) { @@ -75,7 +81,10 @@ do_check(char *path, uid_t uid, gid_t gid, mode_t mode= , inode_t type, bool trunc #endif if (trunc) flags |=3D O_TRUNC; - if ((fd =3D open(path, flags, mode)) =3D=3D -1) { + u =3D umask(0); + fd =3D open(path, flags, mode); + umask(u); + if (fd =3D=3D -1) { eerror("%s: open: %s", applet, strerror(errno)); return -1; } @@ -84,7 +93,11 @@ do_check(char *path, uid_t uid, gid_t gid, mode_t mode= , inode_t type, bool trunc einfo("%s: creating directory", path); if (!mode) /* 775 */ mode =3D S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH; - if (mkdir(path, mode) =3D=3D -1) { + u =3D umask(0); + /* We do not recursively create parents */ + r =3D mkdir(path, mode); + umask(u); + if (r =3D=3D -1 && errno !=3D EEXIST) { eerror("%s: mkdir: %s", applet, strerror (errno)); return -1; @@ -94,7 +107,10 @@ do_check(char *path, uid_t uid, gid_t gid, mode_t mod= e, inode_t type, bool trunc einfo("%s: creating fifo", path); if (!mode) /* 600 */ mode =3D S_IRUSR | S_IWUSR; - if (mkfifo(path, mode) =3D=3D -1) { + u =3D umask(0); + r =3D mkfifo(path, mode); + umask(u); + if (r =3D=3D -1 && errno !=3D EEXIST) { eerror("%s: mkfifo: %s", applet, strerror (errno)); return -1;
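
Review bot: "int u;" in the declarations added to do_check() (hunk @@ -55,11 +55,17 @@) holds the saved umask, but umask() takes and returns mode_t, so it should be declared "mode_t u;" to avoid an implicit conversion in both directions. The SELinux TODO would also be easier to act on if it named which of the create operations in do_check() need labelling, rather than only pointing at systemd's label_mkdir.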
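
Review bot: in the open() hunk (@@ -75,7 +81,10 @@), strerror(errno) is evaluated only after umask(u) has run, and a successful library call is permitted to change errno, so the value should be saved immediately after open() and that saved value used in the eerror() call. The same ordering is repeated in the mkdir and mkfifo hunks. Keeping the umask(0) window to the single call, as done here, is the right scope because the umask is process-wide; using fchmod(fd, mode) on the returned descriptor would avoid touching the umask at all for the file case.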
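
Review bot: "r == -1 && errno != EEXIST" in the mkdir hunk (@@ -84,7 +93,11 @@) treats any existing entry at path as success, not only a directory, since mkdir() also returns EEXIST for a regular file or a symlink. The stat() in the enclosing condition follows symlinks and may have failed, so st is not a reliable type check at this point; after EEXIST, lstat() the path and return -1 unless S_ISDIR holds, so that the later permission changes the commit message mentions are not applied to an unexpected object. The "creating directory" einfo() is also printed when nothing is created.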
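
Review bot: the mkfifo hunk (@@ -94,7 +107,10 @@) ignores EEXIST, so an already existing FIFO keeps whatever mode it had and the umask(0) wrapper has no effect in that case; if the requested mode (default 600) is meant to be enforced on existing entries, that has to come from a chmod elsewhere in do_check(), which is worth confirming or stating in a comment next to the EEXIST test. As with mkdir, the existing entry should be checked with lstat() and S_ISFIFO before EEXIST is treated as success.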