aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2023-05-11 10:23:30 +0200
committerLudovic Courtès <ludo@gnu.org>2023-05-11 13:21:45 +0200
commit695042ff108f57fa190852f3fe1f06b2b1f6c967 (patch)
tree637cf0e8d50525060b724db6f96075c8bc073361
parent3a00aba9e9bc65cd7578324635336222a302d200 (diff)
downloadguix-695042ff108f57fa190852f3fe1f06b2b1f6c967.tar
guix-695042ff108f57fa190852f3fe1f06b2b1f6c967.tar.gz
services: syslog: Do not call 'umask' in PID 1.
Fixes a race condition when starting services in parallel with shepherd 0.10.x whereby a service might create files and directories with umask #o137. An example is the bitlbee service with its least-authority wrapper: the wrapper would create a tree with directories set to #o640, thereby making the whole directory tree inaccessible. * gnu/services/base.scm (syslog-shepherd-service): Pass #:file-creation-mask to 'make-forkexec-constructor' instead of calling 'umask' in PID 1.
-rw-r--r--gnu/services/base.scm15
1 files changed, 5 insertions, 10 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 4adb551796..a4005fc4fd 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1574,16 +1574,11 @@ reload its settings file.")))
(display #$(G_ "Service syslog is not running."))))))))
;; Note: a static file name is used for syslog.conf so that the reload
;; action work as intended.
- (start #~(let ((spawn (make-forkexec-constructor
- (list #$(syslog-configuration-syslogd config)
- #$(string-append "--rcfile=" syslog.conf))
- #:pid-file "/var/run/syslog.pid")))
- (lambda ()
- ;; Set the umask such that file permissions are #o640.
- (let ((mask (umask #o137))
- (pid (spawn)))
- (umask mask)
- pid))))
+ (start #~(make-forkexec-constructor
+ (list #$(syslog-configuration-syslogd config)
+ #$(string-append "--rcfile=" syslog.conf))
+ #:file-creation-mask #o137
+ #:pid-file "/var/run/syslog.pid"))
(stop #~(make-kill-destructor))))
(define syslog-service-type