aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2013-10-10 21:32:27 +0200
committerLudovic Courtès <ludo@gnu.org>2013-10-10 21:43:14 +0200
commitb49632e79383ea91eaacfaf6fca388942f8e2cde (patch)
tree87ef1ad5865749c081a3a6cbd6632204b55d3a1a
parent66fb2d23a36f8e18464455ac1242ebbb0f0a7227 (diff)
downloadguix-b49632e79383ea91eaacfaf6fca388942f8e2cde.tar
guix-b49632e79383ea91eaacfaf6fca388942f8e2cde.tar.gz
daemon: Set the umask to 022 when starting.
* nix/nix-daemon/guix-daemon.cc (main): Add 'umask' call. * test-env.in: Remove use of 'umask'.
-rw-r--r--nix/nix-daemon/guix-daemon.cc6
-rw-r--r--test-env.in4
2 files changed, 6 insertions, 4 deletions
diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc
index e2c30e75a8..4f9fa4c525 100644
--- a/nix/nix-daemon/guix-daemon.cc
+++ b/nix/nix-daemon/guix-daemon.cc
@@ -29,6 +29,7 @@
#include <argp.h>
#include <unistd.h>
#include <sys/types.h>
+#include <sys/stat.h>
#include <exception>
/* Variables used by `nix-daemon.cc'. */
@@ -194,6 +195,11 @@ main (int argc, char *argv[])
exit (EXIT_FAILURE);
}
+ /* Set the umask so that the daemon does not end up creating group-writable
+ files, which would lead to "suspicious ownership or permission" errors.
+ See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>. */
+ umask (S_IWGRP | S_IWOTH);
+
#ifdef HAVE_CHROOT
settings.useChroot = true;
#else
diff --git a/test-env.in b/test-env.in
index ed31f88141..9224a80537 100644
--- a/test-env.in
+++ b/test-env.in
@@ -56,10 +56,6 @@ then
# Do that because store.scm calls `canonicalize-path' on it.
mkdir -p "$NIX_STORE_DIR"
- # Set the umask to avoid "suspicious ownership or permission" errors.
- # See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>.
- umask 0022
-
# Launch the daemon without chroot support because is may be
# unavailable, for instance if we're not running as root.
"@abs_top_builddir@/pre-inst-env" \