diff options
| -rw-r--r-- | gnu/services/base.scm | 15 | ||||
| -rw-r--r-- | gnu/tests/base.scm | 8 |
2 files changed, 19 insertions, 4 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index a0179c0259..f802005e3c 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1436,10 +1436,17 @@ Service Switch}, for an example." (documentation "Run the syslog daemon (syslogd).") (provision '(syslogd)) (requirement '(user-processes)) - (start #~(make-forkexec-constructor - (list #$(syslog-configuration-syslogd config) - "--rcfile" #$(syslog-configuration-config-file config)) - #:pid-file "/var/run/syslog.pid")) + (start #~(let ((spawn (make-forkexec-constructor + (list #$(syslog-configuration-syslogd config) + "--rcfile" + #$(syslog-configuration-config-file config)) + #:pid-file "/var/run/syslog.pid"))) + (lambda () + ;; Set the umask such that file permissions are #o640. + (let ((mask (umask #o137)) + (pid (spawn))) + (umask mask) + pid)))) (stop #~(make-kill-destructor)))))) ;; Snippet adapted from the GNU inetutils manual. diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm index 37b83dc7ec..fe63cecbd0 100644 --- a/gnu/tests/base.scm +++ b/gnu/tests/base.scm @@ -195,6 +195,14 @@ info --version") (pk 'services services) '(root #$@(operating-system-shepherd-service-names os))))) + (test-equal "/var/log/messages is not world-readable" + #o640 ;<https://bugs.gnu.org/40405> + (begin + (wait-for-file "/var/log/messages" marionette + #:read 'get-u8) + (marionette-eval '(stat:perms (lstat "/var/log/messages")) + marionette))) + (test-assert "homes" (let ((homes '#$(map user-account-home-directory |