author | Leo Famulari <leo@famulari.name> | 2016-05-29 11:13:59 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2016-05-31 00:03:10 -0400 |
commit | 8fe5d95e6653a8ca2f40048b71bb596c80bb264f (patch) | |
tree | a44778d0e26e752e7b8494c1cea9334a026174d2 | |
parent | df2dd07b880432a0205dd399fede6dee5b9af76b (diff) | |
services: urandom-seed: Set umask to 077 while shutting down.
* gnu/services/base.scm (urandom-seed-shepherd-service): Call 'umask'.
-rw-r--r-- | gnu/services/base.scm | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index a45f219643..b8e4741739 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -460,10 +460,12 @@ stopped before 'kill' is called."
 (let ((buf (make-bytevector 512)))
 (call-with-input-file "/dev/urandom"
 (lambda (urandom)
- (get-bytevector-n! urandom buf 0 512)
- (call-with-output-file #$%random-seed-file
- (lambda (seed)
- (put-bytevector seed buf)))
+ (let ((previous-umask (umask #o077)))
+ (get-bytevector-n! urandom buf 0 512)
+ (call-with-output-file #$%random-seed-file
+ (lambda (seed)
+ (put-bytevector seed buf)))
+ (umask previous-umask))
 #t)))))
 (modules `((rnrs bytevectors)
 (rnrs io ports) |
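Review bot: The `(umask #o077)` placed around `call-with-output-file` only influences the mode of a file that is newly created; if the seed file already exists with a wider mode (for instance one written before this change), it is opened and truncated with its old permissions and the fresh seed stays readable by other users. Setting the mode on the open port, `(chmod seed #o600)` just before `(put-bytevector seed buf)`, would cover both the new-file and existing-file cases. Separately, if opening or writing the file raises, `(umask previous-umask)` is never reached, so wrapping the body in `dynamic-wind` would restore the umask on every exit path. The enclosing procedure begins outside the hunk, so whether another code path already tightens the file's mode cannot be confirmed from here.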