diff options
author | Ludovic Courtès <ludo@gnu.org> | 2020-04-06 23:50:27 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2020-04-06 23:56:24 +0200 |
commit | d7113bb655ff80a868a9e624c913f9d23e6c63ad (patch) | |
tree | 1c1f31c9cdbd52650ad5b4e7dab67f0355c2ad28 /gnu/services | |
parent | 42a87136f0c99c0f1956e053d92f23bf096bddb6 (diff) | |
download | guix-d7113bb655ff80a868a9e624c913f9d23e6c63ad.tar guix-d7113bb655ff80a868a9e624c913f9d23e6c63ad.tar.gz |
services: syslog: Create log files as non-world-readable.
Partly fixes <https://bugs.gnu.org/40405>.
Reported by Diego Nicola Barbato <dnbarbato@posteo.de>.
* gnu/services/base.scm (syslog-service-type): Change 'start' method to
set umask to #o137 before spawning syslogd.
* gnu/tests/base.scm (run-basic-test)["/var/log/messages is not
world-readable"]: New test.
Diffstat (limited to 'gnu/services')
-rw-r--r-- | gnu/services/base.scm | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index a0179c0259..f802005e3c 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1436,10 +1436,17 @@ Service Switch}, for an example." (documentation "Run the syslog daemon (syslogd).") (provision '(syslogd)) (requirement '(user-processes)) - (start #~(make-forkexec-constructor - (list #$(syslog-configuration-syslogd config) - "--rcfile" #$(syslog-configuration-config-file config)) - #:pid-file "/var/run/syslog.pid")) + (start #~(let ((spawn (make-forkexec-constructor + (list #$(syslog-configuration-syslogd config) + "--rcfile" + #$(syslog-configuration-config-file config)) + #:pid-file "/var/run/syslog.pid"))) + (lambda () + ;; Set the umask such that file permissions are #o640. + (let ((mask (umask #o137)) + (pid (spawn))) + (umask mask) + pid)))) (stop #~(make-kill-destructor)))))) ;; Snippet adapted from the GNU inetutils manual. |