diff options
author | Ludovic Courtès <ludo@gnu.org> | 2013-10-10 21:32:27 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2013-10-10 21:43:14 +0200 |
commit | b49632e79383ea91eaacfaf6fca388942f8e2cde (patch) | |
tree | 87ef1ad5865749c081a3a6cbd6632204b55d3a1a | |
parent | 66fb2d23a36f8e18464455ac1242ebbb0f0a7227 (diff) | |
download | guix-b49632e79383ea91eaacfaf6fca388942f8e2cde.tar guix-b49632e79383ea91eaacfaf6fca388942f8e2cde.tar.gz |
daemon: Set the umask to 022 when starting.
* nix/nix-daemon/guix-daemon.cc (main): Add 'umask' call.
* test-env.in: Remove use of 'umask'.
-rw-r--r-- | nix/nix-daemon/guix-daemon.cc | 6 | ||||
-rw-r--r-- | test-env.in | 4 |
2 files changed, 6 insertions, 4 deletions
diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc index e2c30e75a8..4f9fa4c525 100644 --- a/nix/nix-daemon/guix-daemon.cc +++ b/nix/nix-daemon/guix-daemon.cc @@ -29,6 +29,7 @@ #include <argp.h> #include <unistd.h> #include <sys/types.h> +#include <sys/stat.h> #include <exception> /* Variables used by `nix-daemon.cc'. */ @@ -194,6 +195,11 @@ main (int argc, char *argv[]) exit (EXIT_FAILURE); } + /* Set the umask so that the daemon does not end up creating group-writable + files, which would lead to "suspicious ownership or permission" errors. + See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>. */ + umask (S_IWGRP | S_IWOTH); + #ifdef HAVE_CHROOT settings.useChroot = true; #else diff --git a/test-env.in b/test-env.in index ed31f88141..9224a80537 100644 --- a/test-env.in +++ b/test-env.in @@ -56,10 +56,6 @@ then # Do that because store.scm calls `canonicalize-path' on it. mkdir -p "$NIX_STORE_DIR" - # Set the umask to avoid "suspicious ownership or permission" errors. - # See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>. - umask 0022 - # Launch the daemon without chroot support because is may be # unavailable, for instance if we're not running as root. "@abs_top_builddir@/pre-inst-env" \ |