mirror of
https://github.com/systemd/systemd
synced 2024-10-04 23:31:09 +00:00
core: be more paranoid when mixing umask and fopen()
Let's be extra careful with the umask when we use simple fopen(), as this creates files with 0777 by default.
parent
4f4afc88ec
commit
8612da973d
|
@ -55,6 +55,7 @@
|
|||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
#include "time-util.h"
|
||||
#include "umask-util.h"
|
||||
#include "user-util.h"
|
||||
#include "util.h"
|
||||
|
||||
|
@ -781,7 +782,8 @@ int update_reboot_param_file(const char *param) {
|
|||
int r = 0;
|
||||
|
||||
if (param) {
|
||||
r = write_string_file(REBOOT_PARAM_FILE, param, WRITE_STRING_FILE_CREATE);
|
||||
RUN_WITH_UMASK(0022)
|
||||
r = write_string_file(REBOOT_PARAM_FILE, param, WRITE_STRING_FILE_CREATE);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to write reboot param to "REBOOT_PARAM_FILE": %m");
|
||||
} else
|
||||
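Review bot: `RUN_WITH_UMASK(0022)` in update_reboot_param_file() only governs the mode of a file that this call creates. If REBOOT_PARAM_FILE already exists, a plain fopen()-style open (which the commit message says write_string_file() uses; its body is not shown here) would presumably truncate it and leave the existing permission bits untouched. If the intent is that the file always ends up 0644, consider writing it to a fresh file atomically, e.g. `WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC`, or at least record the limitation in a comment such as `/* umask only applies on creation: fopen() asks for 0666, so a new file ends up 0644 */`. The same caveat applies to the writes in machine_id_setup() and write_container_id() later in this commit. The function body continues outside the hunk.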
|
|
|
@ -259,9 +259,8 @@ int machine_id_setup(const char *root, sd_id128_t machine_id) {
|
|||
/* Hmm, we couldn't write it? So let's write it to
|
||||
* /run/machine-id as a replacement */
|
||||
|
||||
RUN_WITH_UMASK(0022) {
|
||||
RUN_WITH_UMASK(0022)
|
||||
r = write_string_file(run_machine_id, id, WRITE_STRING_FILE_CREATE);
|
||||
}
|
||||
if (r < 0) {
|
||||
(void) unlink(run_machine_id);
|
||||
return log_error_errno(r, "Cannot write %s: %m", run_machine_id);
|
||||
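Review bot: Dropping the braces after `RUN_WITH_UMASK(0022)` in machine_id_setup() leaves the scope of the temporary umask implicit. Only the single statement that follows runs under it, and that relies on the macro expanding to a statement prefix (its definition lives in umask-util.h and is not shown here). The braced form, `RUN_WITH_UMASK(0022) { r = write_string_file(run_machine_id, id, WRITE_STRING_FILE_CREATE); }`, makes it visible that the `if (r < 0)` cleanup below runs with the previous umask restored, and it keeps a later second statement from silently falling outside the umask scope. The two other call sites added by this commit use the unbraced form as well, so whichever style is chosen should be applied to all three. The function starts and ends outside the hunk.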
|
|
|
@ -81,6 +81,7 @@
|
|||
#include "strv.h"
|
||||
#include "switch-root.h"
|
||||
#include "terminal-util.h"
|
||||
#include "umask-util.h"
|
||||
#include "user-util.h"
|
||||
#include "virt.h"
|
||||
#include "watchdog.h"
|
||||
|
@ -1237,7 +1238,8 @@ static int write_container_id(void) {
|
|||
if (isempty(c))
|
||||
return 0;
|
||||
|
||||
r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
|
||||
RUN_WITH_UMASK(0022)
|
||||
r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
|
||||
if (r < 0)
|
||||
return log_warning_errno(r, "Failed to write /run/systemd/container, ignoring: %m");
|
||||
|
||||
|
|