me
/
guix
Archived
1
0
Fork 0
Code

daemon: Set the umask to 022 when starting. 

* nix/nix-daemon/guix-daemon.cc (main): Add 'umask' call.
* test-env.in: Remove use of 'umask'.
master
Ludovic Courtès 2013-10-10 21:32:27 +02:00
parent 66fb2d23a3
commit b49632e793
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nix/nix-daemon/guix-daemon.cc
View File

@ -29,6 +29,7 @@
#include <argp.h> #include <argp.h>
#include <unistd.h> #include <unistd.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h>
#include <exception> #include <exception>
/* Variables used by `nix-daemon.cc'. */ /* Variables used by `nix-daemon.cc'. */
@ -194,6 +195,11 @@ main (int argc, char *argv[])
exit (EXIT_FAILURE); exit (EXIT_FAILURE);
} }
/* Set the umask so that the daemon does not end up creating group-writable
files, which would lead to "suspicious ownership or permission" errors.
See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>. */
umask (S_IWGRP | S_IWOTH);
#ifdef HAVE_CHROOT #ifdef HAVE_CHROOT
settings.useChroot = true; settings.useChroot = true;
#else #else

4
test-env.in
View File

@ -56,10 +56,6 @@ then
# Do that because store.scm calls `canonicalize-path' on it. # Do that because store.scm calls `canonicalize-path' on it.
mkdir -p "$NIX_STORE_DIR" mkdir -p "$NIX_STORE_DIR"
# Set the umask to avoid "suspicious ownership or permission" errors.
# See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>.
umask 0022
# Launch the daemon without chroot support because is may be # Launch the daemon without chroot support because is may be
# unavailable, for instance if we're not running as root. # unavailable, for instance if we're not running as root.
"@abs_top_builddir@/pre-inst-env" \ "@abs_top_builddir@/pre-inst-env" \