02/07: services: syslog: Do not call 'umask' in PID 1.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/07: services: syslog: Do not call 'umask' in PID 1.

From:	guix-commits
Subject:	02/07: services: syslog: Do not call 'umask' in PID 1.
Date:	Thu, 11 May 2023 07:25:20 -0400 (EDT)

civodul pushed a commit to branch master
in repository guix.

commit 695042ff108f57fa190852f3fe1f06b2b1f6c967
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Thu May 11 10:23:30 2023 +0200

    services: syslog: Do not call 'umask' in PID 1.
    
    Fixes a race condition when starting services in parallel with shepherd
    0.10.x whereby a service might create files and directories with umask 
#o137.
    
    An example is the bitlbee service with its least-authority wrapper: the
    wrapper would create a tree with directories set to #o640, thereby
    making the whole directory tree inaccessible.
    
    * gnu/services/base.scm (syslog-shepherd-service): Pass #:file-creation-mask
    to 'make-forkexec-constructor' instead of calling 'umask' in PID 1.
---
 gnu/services/base.scm | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 4adb551796..a4005fc4fd 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1574,16 +1574,11 @@ reload its settings file.")))
                     (display #$(G_ "Service syslog is not running."))))))))
    ;; Note: a static file name is used for syslog.conf so that the reload
    ;; action work as intended.
-   (start #~(let ((spawn (make-forkexec-constructor
-                          (list #$(syslog-configuration-syslogd config)
-                                #$(string-append "--rcfile=" syslog.conf))
-                          #:pid-file "/var/run/syslog.pid")))
-              (lambda ()
-                ;; Set the umask such that file permissions are #o640.
-                (let ((mask (umask #o137))
-                      (pid  (spawn)))
-                  (umask mask)
-                  pid))))
+   (start #~(make-forkexec-constructor
+             (list #$(syslog-configuration-syslogd config)
+                   #$(string-append "--rcfile=" syslog.conf))
+             #:file-creation-mask #o137
+             #:pid-file "/var/run/syslog.pid"))
    (stop #~(make-kill-destructor))))
 
 (define syslog-service-type

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (4c7b5207cb -> 3186a52e11), guix-commits, 2023/05/11
- 01/07: services: dicod, bitlbee: Pass 'make-inetd-constructor' a list of endpoints., guix-commits, 2023/05/11
- 05/07: services: elogind: Add elogind as a shepherd PAM requirement., guix-commits, 2023/05/11
- 02/07: services: syslog: Do not call 'umask' in PID 1., guix-commits <=
- 03/07: tests: openvswitch: Wait for 'openvswitch-configuration' to be up., guix-commits, 2023/05/11
- 04/07: system: pam: Let PAM extensions add shepherd requirements., guix-commits, 2023/05/11
- 07/07: download: Refer to the 'guile-gnutls' package and not 'gnutls'., guix-commits, 2023/05/11
- 06/07: gnu: guile-gnutls: Fix cross-compilation., guix-commits, 2023/05/11

Prev by Date: 05/07: services: elogind: Add elogind as a shepherd PAM requirement.
Next by Date: 03/07: tests: openvswitch: Wait for 'openvswitch-configuration' to be up.
Previous by thread: 05/07: services: elogind: Add elogind as a shepherd PAM requirement.
Next by thread: 03/07: tests: openvswitch: Wait for 'openvswitch-configuration' to be up.
Index(es):
- Date
- Thread