author | Robin H. Johnson <robbat2@gentoo.org> | 2012-01-23 10:26:58 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2012-01-23 10:26:58 +0000 |
commit | 426b94bd696933a72d8623fa1325b3562096957d (patch) | |
tree | c8eb8a05f7fccc037fd19828b4626b4f7585a61f | |
parent | 06b8084b2cf9308fe0cbbcdde0741a881b7609fb (diff) |
Per the systemd tmpfiles implementation, we need to watch out for umask during initial creation of files as well as potentially changing permissions later. Also do not abort if the items exist already, per truncate rules in tmpfiles.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rw-r--r-- | src/rc/checkpath.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c
index 86623d94..b0914f3f 100644
--- a/src/rc/checkpath.c
+++ b/src/rc/checkpath.c
@@ -55,11 +55,17 @@ typedef enum {
 extern const char *applet;
+/* TODO: SELinux
+ * This needs a LOT of SELinux loving
+ * See systemd's src/label.c:label_mkdir
+ */
 static int
 do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bool trunc)
 {
 struct stat st;
 int fd, flags;
+ int r;
+ int u;
 if (stat(path, &st) || trunc) {
 if (type == inode_file) {
@@ -75,7 +81,10 @@ do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bool trunc
 #endif
 if (trunc)
 flags |= O_TRUNC;
- if ((fd = open(path, flags, mode)) == -1) {
+ u = umask(0);
+ fd = open(path, flags, mode);
+ umask(u);
+ if (fd == -1) {
 eerror("%s: open: %s", applet, strerror(errno));
 return -1;
 }
@@ -84,7 +93,11 @@ do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bool trunc
 einfo("%s: creating directory", path);
 if (!mode) /* 775 */
 mode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
- if (mkdir(path, mode) == -1) {
+ u = umask(0);
+ /* We do not recursively create parents */
+ r = mkdir(path, mode);
+ umask(u);
+ if (r == -1 && errno != EEXIST) {
 eerror("%s: mkdir: %s", applet,
 strerror (errno));
 return -1;
@@ -94,7 +107,10 @@ do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bool trunc
 einfo("%s: creating fifo", path);
 if (!mode) /* 600 */
 mode = S_IRUSR | S_IWUSR;
- if (mkfifo(path, mode) == -1) {
+ u = umask(0);
+ r = mkfifo(path, mode);
+ umask(u);
+ if (r == -1 && errno != EEXIST) {
 eerror("%s: mkfifo: %s", applet,
 strerror (errno));
 return -1; |
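Review bot: The new local `int u;` stores the value returned by `umask()`, which is a `mode_t`, so it should be declared `mode_t u;` to avoid an implicit signed conversion when the saved mask is passed back in the later hunks. The TODO above do_check would help the next reader more if it named the gap, for example `/* TODO: SELinux: label newly created paths; see systemd's src/label.c:label_mkdir */`, assuming labelling is what is meant. The body of do_check continues outside this hunk.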
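Review bot: `umask(u)` now runs between the failing `open()` and the `strerror(errno)` in the error branch, and in the mkdir and mkfifo hunks it runs before the `errno != EEXIST` test. POSIX does not promise that errno is left untouched by a successful call, so the value being reported or tested may no longer belong to the call that failed. Saving it across the restore is cheap: `fd = open(path, flags, mode); e = errno; umask(u); errno = e;`, with the same pattern around `mkdir()` and `mkfifo()`. A short comment such as `/* clear the umask so the requested mode is applied exactly */` would also explain the process-wide change; the code that assembles `flags` is outside the hunk.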
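Review bot: Accepting `EEXIST` from `mkdir()` lets do_check carry on when the path that already exists is not a directory (a regular file, fifo or symlink), and the `mkfifo()` hunk below has the same gap. The branch is entered when `stat()` failed or `trunc` is set, so the type of an existing object has not been confirmed at this point; checking it before any later ownership or mode change closes that, e.g. `if (r == -1 && (errno != EEXIST || lstat(path, &st) == -1 || !S_ISDIR(st.st_mode))) {`, with `S_ISFIFO` in the fifo case. It is also worth a comment that the default 775 is now applied unmasked, so a directory created without an explicit mode is group-writable regardless of the caller's umask. What follows the creation branches is outside the hunk, so whether a later check already covers this cannot be seen here.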