ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2025-01-26 20:49:29 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

services: syslog: Do not call 'umask' in PID 1.

Browse source 
Fixes a race condition when starting services in parallel with shepherd
0.10.x whereby a service might create files and directories with umask #o137.

An example is the bitlbee service with its least-authority wrapper: the
wrapper would create a tree with directories set to #o640, thereby
making the whole directory tree inaccessible.

* gnu/services/base.scm (syslog-shepherd-service): Pass #:file-creation-mask
to 'make-forkexec-constructor' instead of calling 'umask' in PID 1.
This commit is contained in:
Ludovic Courtès 2023-05-11 10:23:30 +02:00
parent 3a00aba9e9
commit 695042ff10
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
1 changed files with 5 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
gnu/services/base.scm
View file

@ -1574,16 +1574,11 @@ (define config-file
(display #$(G_ "Service syslog is not running.")))))))) (display #$(G_ "Service syslog is not running."))))))))
;; Note: a static file name is used for syslog.conf so that the reload ;; Note: a static file name is used for syslog.conf so that the reload
;; action work as intended. ;; action work as intended.
(start #~(let ((spawn (make-forkexec-constructor (start #~(make-forkexec-constructor
(list #$(syslog-configuration-syslogd config) (list #$(syslog-configuration-syslogd config)
#$(string-append "--rcfile=" syslog.conf)) #$(string-append "--rcfile=" syslog.conf))
#:pid-file "/var/run/syslog.pid"))) #:file-creation-mask #o137
(lambda () #:pid-file "/var/run/syslog.pid"))
;; Set the umask such that file permissions are #o640.
(let ((mask (umask #o137))
(pid (spawn)))
(umask mask)
pid))))
(stop #~(make-kill-destructor)))) (stop #~(make-kill-destructor))))
(define syslog-service-type (define syslog-service-type