[systemd-commits] 4 commits - src/binfmt.c src/cryptsetup.c src/cryptsetup-generator.c src/execute.c src/fsck.c src/getty-generator.c src/hostnamed.c src/initctl.c src/kmsg-syslogd.c src/localed.c src/logger.c src/logind.c src/machine-id-setup.c src/manager.c src/modules-load.c src/nspawn.c src/quotacheck.c src/random-seed.c src/readahead-collect.c src/readahead-replay.c src/remount-api-vfs.c src/shutdown.c src/shutdownd.c src/sysctl.c src/timedated.c src/tmpfiles.c src/tty-ask-password-agent.c src/uaccess.c src/update-utmp.c src/user-sessions.c src/vconsole-setup.c
Lennart Poettering
lennart at kemper.freedesktop.org
Mon Aug 1 12:35:18 PDT 2011
src/binfmt.c | 2 ++
src/cryptsetup-generator.c | 2 ++
src/cryptsetup.c | 2 ++
src/execute.c | 4 ++--
src/fsck.c | 2 ++
src/getty-generator.c | 6 ++++--
src/hostnamed.c | 4 ++--
src/initctl.c | 2 ++
src/kmsg-syslogd.c | 2 ++
src/localed.c | 4 ++--
src/logger.c | 2 ++
src/logind.c | 4 ++--
src/machine-id-setup.c | 3 +++
src/manager.c | 3 +++
src/modules-load.c | 2 ++
src/nspawn.c | 3 +--
src/quotacheck.c | 2 ++
src/random-seed.c | 2 ++
src/readahead-collect.c | 2 ++
src/readahead-replay.c | 2 ++
src/remount-api-vfs.c | 2 ++
src/shutdown.c | 2 ++
src/shutdownd.c | 2 ++
src/sysctl.c | 2 ++
src/timedated.c | 4 ++--
src/tmpfiles.c | 2 ++
src/tty-ask-password-agent.c | 2 ++
src/uaccess.c | 2 ++
src/update-utmp.c | 2 ++
src/user-sessions.c | 2 ++
src/vconsole-setup.c | 2 ++
31 files changed, 65 insertions(+), 14 deletions(-)
New commits:
commit fa8f36ac15f6c3985f053cdd3698655958442f7f
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Aug 1 21:34:42 2011 +0200
execute: properly enforce group
https://bugzilla.redhat.com/show_bug.cgi?id=723892
diff --git a/src/execute.c b/src/execute.c
index f07d018..668bf9d 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -1193,7 +1193,7 @@ int exec_spawn(ExecCommand *command,
}
if (apply_permissions)
- if (enforce_groups(context, username, uid) < 0) {
+ if (enforce_groups(context, username, gid) < 0) {
r = EXIT_GROUP;
goto fail_child;
}
commit 4c12626c8e3491570b395d68380543e10c98ad33
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Aug 1 20:52:18 2011 +0200
umask: change default umask to 0022 just to be sure, and set it explicitly in all binaries, in order to make sure it is set when started from the terminal
diff --git a/src/binfmt.c b/src/binfmt.c
index a815a11..552d8cc 100644
--- a/src/binfmt.c
+++ b/src/binfmt.c
@@ -127,6 +127,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc > 1) {
r = apply_file(argv[1], false);
} else {
diff --git a/src/cryptsetup-generator.c b/src/cryptsetup-generator.c
index db8ebdf..a340218 100644
--- a/src/cryptsetup-generator.c
+++ b/src/cryptsetup-generator.c
@@ -246,6 +246,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (!(f = fopen("/etc/crypttab", "re"))) {
if (errno == ENOENT)
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index c0caf9a..cf288de 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -241,6 +241,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (streq(argv[1], "attach")) {
uint32_t flags = 0;
int k;
diff --git a/src/execute.c b/src/execute.c
index 7b25679..f07d018 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -1402,7 +1402,7 @@ fail_parent:
void exec_context_init(ExecContext *c) {
assert(c);
- c->umask = 0002;
+ c->umask = 0022;
c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
c->cpu_sched_policy = SCHED_OTHER;
c->syslog_priority = LOG_DAEMON|LOG_INFO;
diff --git a/src/fsck.c b/src/fsck.c
index 19ca753..5d9cf24 100644
--- a/src/fsck.c
+++ b/src/fsck.c
@@ -163,6 +163,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
parse_proc_cmdline();
test_files();
diff --git a/src/getty-generator.c b/src/getty-generator.c
index 7b91094..b8228e9 100644
--- a/src/getty-generator.c
+++ b/src/getty-generator.c
@@ -73,6 +73,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (detect_container(NULL) > 0) {
log_debug("Automatic adding console shell.");
diff --git a/src/hostnamed.c b/src/hostnamed.c
index 7b2ce69..e3b89a4 100644
--- a/src/hostnamed.c
+++ b/src/hostnamed.c
@@ -559,6 +559,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc == 2 && streq(argv[1], "--introspect")) {
fputs(DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE
"<node>\n", stdout);
@@ -576,8 +578,6 @@ int main(int argc, char *argv[]) {
if (!check_nss())
log_warning("Warning: nss-myhostname is not installed. Changing the local hostname might make it unresolveable. Please install nss-myhostname!");
- umask(0022);
-
r = read_data();
if (r < 0) {
log_error("Failed to read hostname data: %s", strerror(-r));
diff --git a/src/initctl.c b/src/initctl.c
index dd74314..7096a82 100644
--- a/src/initctl.c
+++ b/src/initctl.c
@@ -364,6 +364,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((n = sd_listen_fds(true)) < 0) {
log_error("Failed to read listening file descriptors from environment: %s", strerror(-r));
return EXIT_FAILURE;
diff --git a/src/kmsg-syslogd.c b/src/kmsg-syslogd.c
index 60d3244..83c2047 100644
--- a/src/kmsg-syslogd.c
+++ b/src/kmsg-syslogd.c
@@ -455,6 +455,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((n = sd_listen_fds(true)) < 0) {
log_error("Failed to read listening file descriptors from environment: %s", strerror(-r));
return EXIT_FAILURE;
diff --git a/src/localed.c b/src/localed.c
index 93e4e9b..cb8acf2 100644
--- a/src/localed.c
+++ b/src/localed.c
@@ -575,6 +575,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc == 2 && streq(argv[1], "--introspect")) {
fputs(DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE
"<node>\n", stdout);
@@ -589,8 +591,6 @@ int main(int argc, char *argv[]) {
goto finish;
}
- umask(0022);
-
r = read_data();
if (r < 0) {
log_error("Failed to read locale data: %s", strerror(-r));
diff --git a/src/logger.c b/src/logger.c
index 81196db..435d5a7 100644
--- a/src/logger.c
+++ b/src/logger.c
@@ -637,6 +637,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((n = sd_listen_fds(true)) < 0) {
log_error("Failed to read listening file descriptors from environment: %s", strerror(-r));
return EXIT_FAILURE;
diff --git a/src/logind.c b/src/logind.c
index ca48aa1..b84242e 100644
--- a/src/logind.c
+++ b/src/logind.c
@@ -1193,14 +1193,14 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc != 1) {
log_error("This program takes no arguments.");
r = -EINVAL;
goto finish;
}
- umask(0022);
-
m = manager_new();
if (!m) {
log_error("Out of memory");
diff --git a/src/machine-id-setup.c b/src/machine-id-setup.c
index be51d0d..519521f 100644
--- a/src/machine-id-setup.c
+++ b/src/machine-id-setup.c
@@ -167,7 +167,10 @@ int machine_id_setup(void) {
mkdir_p("/run/systemd", 0755);
+ m = umask(0022);
r = write_one_line_file("/run/systemd/machine-id", id);
+ umask(m);
+
if (r < 0) {
log_error("Cannot write /run/systemd/machine-id: %s", strerror(-r));
diff --git a/src/modules-load.c b/src/modules-load.c
index d76defa..4b3b121 100644
--- a/src/modules-load.c
+++ b/src/modules-load.c
@@ -46,6 +46,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (!(arguments = strv_new("/sbin/modprobe", "-sab", "--", NULL))) {
log_error("Failed to allocate string array");
goto finish;
diff --git a/src/nspawn.c b/src/nspawn.c
index a1ed425..f4d63ea 100644
--- a/src/nspawn.c
+++ b/src/nspawn.c
@@ -314,7 +314,6 @@ static int copy_devnodes(const char *dest, const char *console) {
}
finish:
-
umask(u);
return r;
@@ -776,7 +775,7 @@ int main(int argc, char *argv[]) {
goto child_fail;
}
- umask(0002);
+ umask(0022);
if (drop_capabilities() < 0)
goto child_fail;
diff --git a/src/quotacheck.c b/src/quotacheck.c
index ba12b27..c475cec 100644
--- a/src/quotacheck.c
+++ b/src/quotacheck.c
@@ -90,6 +90,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
parse_proc_cmdline();
test_files();
diff --git a/src/random-seed.c b/src/random-seed.c
index 054233e..ee5cae3 100644
--- a/src/random-seed.c
+++ b/src/random-seed.c
@@ -47,6 +47,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
/* Read pool size, if possible */
if ((f = fopen("/proc/sys/kernel/random/poolsize", "re"))) {
fscanf(f, "%zu", &buf_size);
diff --git a/src/readahead-collect.c b/src/readahead-collect.c
index 20881b3..df467f1 100644
--- a/src/readahead-collect.c
+++ b/src/readahead-collect.c
@@ -656,6 +656,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((r = parse_argv(argc, argv)) <= 0)
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
diff --git a/src/readahead-replay.c b/src/readahead-replay.c
index 0b84528..e97a0cf 100644
--- a/src/readahead-replay.c
+++ b/src/readahead-replay.c
@@ -340,6 +340,8 @@ int main(int argc, char*argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((r = parse_argv(argc, argv)) <= 0)
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
diff --git a/src/remount-api-vfs.c b/src/remount-api-vfs.c
index 5b18728..8bbc021 100644
--- a/src/remount-api-vfs.c
+++ b/src/remount-api-vfs.c
@@ -52,6 +52,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (!(f = setmntent("/etc/fstab", "r"))) {
log_error("Failed to open /etc/fstab: %m");
goto finish;
diff --git a/src/shutdown.c b/src/shutdown.c
index 52bad21..1c6dc65 100644
--- a/src/shutdown.c
+++ b/src/shutdown.c
@@ -295,6 +295,8 @@ int main(int argc, char *argv[]) {
log_set_target(LOG_TARGET_CONSOLE); /* syslog will die if not gone yet */
log_open();
+ umask(0022);
+
if (getpid() != 1) {
log_error("Not executed by init (pid 1).");
r = -EPERM;
diff --git a/src/shutdownd.c b/src/shutdownd.c
index 49ab886..0ffa8b2 100644
--- a/src/shutdownd.c
+++ b/src/shutdownd.c
@@ -193,6 +193,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((n_fds = sd_listen_fds(true)) < 0) {
log_error("Failed to read listening file descriptors from environment: %s", strerror(-r));
return EXIT_FAILURE;
diff --git a/src/sysctl.c b/src/sysctl.c
index 9f7acfc..8bdfb08 100644
--- a/src/sysctl.c
+++ b/src/sysctl.c
@@ -228,6 +228,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc > optind)
r = apply_file(argv[optind], false);
else {
diff --git a/src/timedated.c b/src/timedated.c
index 4abcf1a..4bde035 100644
--- a/src/timedated.c
+++ b/src/timedated.c
@@ -578,6 +578,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc == 2 && streq(argv[1], "--introspect")) {
fputs(DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE
"<node>\n", stdout);
@@ -592,8 +594,6 @@ int main(int argc, char *argv[]) {
goto finish;
}
- umask(0022);
-
r = read_data();
if (r < 0) {
log_error("Failed to read timezone data: %s", strerror(-r));
diff --git a/src/tmpfiles.c b/src/tmpfiles.c
index 3a1985a..421a915 100644
--- a/src/tmpfiles.c
+++ b/src/tmpfiles.c
@@ -972,6 +972,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
label_init();
items = hashmap_new(string_hash_func, string_compare_func);
diff --git a/src/tty-ask-password-agent.c b/src/tty-ask-password-agent.c
index ca183c3..43d008f 100644
--- a/src/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent.c
@@ -728,6 +728,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if ((r = parse_argv(argc, argv)) <= 0)
goto finish;
diff --git a/src/uaccess.c b/src/uaccess.c
index 786f0ef..49ac4af 100644
--- a/src/uaccess.c
+++ b/src/uaccess.c
@@ -38,6 +38,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argc < 2 || argc > 3) {
log_error("This program expects one or two arguments.");
r = -EINVAL;
diff --git a/src/update-utmp.c b/src/update-utmp.c
index b06f5a0..f81e7f4 100644
--- a/src/update-utmp.c
+++ b/src/update-utmp.c
@@ -373,6 +373,8 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
#ifdef HAVE_AUDIT
if ((c.audit_fd = audit_open()) < 0)
log_error("Failed to connect to audit log: %m");
diff --git a/src/user-sessions.c b/src/user-sessions.c
index ffb8657..df46b76 100644
--- a/src/user-sessions.c
+++ b/src/user-sessions.c
@@ -39,6 +39,8 @@ int main(int argc, char*argv[]) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (streq(argv[1], "start")) {
int q = 0, r = 0;
diff --git a/src/vconsole-setup.c b/src/vconsole-setup.c
index 68ebac9..4347a20 100644
--- a/src/vconsole-setup.c
+++ b/src/vconsole-setup.c
@@ -171,6 +171,8 @@ int main(int argc, char **argv) {
log_parse_environment();
log_open();
+ umask(0022);
+
if (argv[1])
vc = argv[1];
else
commit 07f8a4aa49a84ec61513788d5ddf521f3de5a0ba
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Aug 1 20:51:18 2011 +0200
manager: call generators with umask 0022
diff --git a/src/manager.c b/src/manager.c
index 9e4bd51..69dbec4 100644
--- a/src/manager.c
+++ b/src/manager.c
@@ -2985,6 +2985,7 @@ void manager_run_generators(Manager *m) {
DIR *d = NULL;
const char *generator_path;
const char *argv[3];
+ mode_t u;
assert(m);
@@ -3027,7 +3028,9 @@ void manager_run_generators(Manager *m) {
argv[1] = m->generator_unit_path;
argv[2] = NULL;
+ u = umask(0022);
execute_directory(generator_path, d, (char**) argv);
+ umask(u);
if (rmdir(m->generator_unit_path) >= 0) {
/* Uh? we were able to remove this dir? I guess that
commit c375a7f750d0ac3ab130b8d84ebbcbbf32b96c72
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Aug 1 20:28:59 2011 +0200
getty: fix message
diff --git a/src/getty-generator.c b/src/getty-generator.c
index 141402b..7b91094 100644
--- a/src/getty-generator.c
+++ b/src/getty-generator.c
@@ -115,7 +115,7 @@ int main(int argc, char *argv[]) {
/* Automatically add in a serial getty on the first
* virtualizer console */
if (access("/sys/class/tty/hvc0", F_OK) == 0) {
- log_debug("Automatic adding serial getty for hvc0.");
+ log_debug("Automatically adding serial getty for hvc0.");
if (add_symlink("serial-getty at .service", "serial-getty at hvc0.service") < 0)
r = EXIT_FAILURE;
@@ -123,7 +123,7 @@ int main(int argc, char *argv[]) {
}
if (access("/sys/class/tty/xvc0", F_OK) == 0) {
- log_debug("Automatic adding serial getty for xvc0.");
+ log_debug("Automatically adding serial getty for xvc0.");
if (add_symlink("serial-getty at .service", "serial-getty at xvc0.service") < 0)
r = EXIT_FAILURE;
More information about the systemd-commits
mailing list