System log files are world readable

Diego Nicola Barbato wrote on 3 Apr 2020 15:19

Recipients:(address . bug-guix@gnu.org)

Message-ID:87v9mg1zbt.fsf@GlaDOS.home

Hey Guix,

On Guix System the log files (in /var/log) generated by syslogd are

currently (commit 151f3d4) world readable. They should probably only be

readable by root (for the same reason that dmesg can only be run by

root).

It isn't possible to set the umask with fork-exec-constructor, is it?

Otherwise that might have been a simple solution.

Regards,

Diego

Diego Nicola Barbato wrote on 3 Apr 2020 15:34

Recipients:(address . 40405@debbugs.gnu.org)

Message-ID:87r1x41yna.fsf@GlaDOS.home

Diego Nicola Barbato <dnbarbato@posteo.de> writes:

Toggle quote (8 lines)> Hey Guix,
>
> On Guix System the log files (in /var/log) generated by syslogd are
> currently (commit 151f3d4) world readable.  They should probably only be
> readable by root (for the same reason that dmesg can only be run by
> root).
>
> It isn't possible to set the umask with fork-exec-constructor, is it?

^^^^^^^^^^^^^^^^^^^^^

That should be 'make-forkexec-constructor'. Sorry for the noise.

Toggle quote (5 lines)> Otherwise that might have been a simple solution.
>
> Regards,
>
> Diego

Ludovic Courtès wrote on 5 Apr 2020 23:32

control message for bug #40405

Recipients:(address . control@debbugs.gnu.org)

Message-ID:87blo5hb45.fsf@gnu.org

tags 40405 + security

quit

Ludovic Courtès wrote on 6 Apr 2020 00:12

Re: bug#40405: System log files are world readable

Recipients:(name . Diego Nicola Barbato)(address . dnbarbato@posteo.de)(address . 40405@debbugs.gnu.org)

Message-ID:874ktxh99k.fsf@gnu.org

Hi,

Diego Nicola Barbato <dnbarbato@posteo.de> skribis:

Toggle quote (8 lines)

> On Guix System the log files (in /var/log) generated by syslogd are

> currently (commit 151f3d4) world readable. They should probably only be

> readable by root (for the same reason that dmesg can only be run by

> root).

> It isn't possible to set the umask with fork-exec-constructor, is it?

> Otherwise that might have been a simple solution.

That would be a nice solution to implement in the Shepherd. If you feel

like giving it a try, that would be great!

In the meantime, the patch below fixes the syslogd problem. Also

attached is a patch for the accounting database, though that one is

questionable.

Thoughts?

Thanks,

Ludo’.

Toggle diff (53 lines)diff --git a/gnu/services.scm b/gnu/services.scm
index 7941cd3af0..d631e8dd32 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -528,15 +528,20 @@ ACTIVATION-SCRIPT-TYPE."
                       (use-modules (gnu build activation)
                                    (guix build utils))
 
+                      (define (ensure-file-exists file)
+                        (let ((port (open-file file "a0")))
+                          (chmod port #o640)
+                          (close-port port)))
+
                       ;; Make sure the user accounting database exists.  If it
                       ;; does not exist, 'setutxent' does not create it and
                       ;; thus there is no accounting at all.
-                      (close-port (open-file "/var/run/utmpx" "a0"))
+                      (ensure-file-exists "/var/run/utmpx")
 
                       ;; Same for 'wtmp', which is populated by mingetty et
                       ;; al.
                       (mkdir-p "/var/log")
-                      (close-port (open-file "/var/log/wtmp" "a0"))
+                      (ensure-file-exists "/var/log/wtmp")
 
                       ;; Set up /run/current-system.  Among other things this
                       ;; sets up locales, which the activation snippets
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 8d9a563e2b..e59b6fea80 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1436,10 +1436,17 @@ Service Switch}, for an example."
       (documentation "Run the syslog daemon (syslogd).")
       (provision '(syslogd))
       (requirement '(user-processes))
-      (start #~(make-forkexec-constructor
-                (list #$(syslog-configuration-syslogd config)
-                      "--rcfile" #$(syslog-configuration-config-file config))
-                #:pid-file "/var/run/syslog.pid"))
+      (start #~(let ((fork (make-forkexec-constructor
+                            (list #$(syslog-configuration-syslogd config)
+                                  "--rcfile"
+                                  #$(syslog-configuration-config-file config))
+                            #:pid-file "/var/run/syslog.pid")))
+                 (lambda ()
+                   ;; Set the umask such that file permissions are #o640.
+                   (let ((mask (umask #o137))
+                         (pid  (fork)))
+                     (umask mask)
+                     pid))))
       (stop #~(make-kill-destructor))))))
 
 ;; Snippet adapted from the GNU inetutils manual.

Ludovic Courtès wrote on 7 Apr 2020 00:07

Recipients:(name . Diego Nicola Barbato)(address . dnbarbato@posteo.de)(address . 40405@debbugs.gnu.org)

Message-ID:87blo4clpp.fsf@gnu.org

Hi,

Ludovic Courtès <ludo@gnu.org> skribis:

Toggle quote (4 lines)

> In the meantime, the patch below fixes the syslogd problem. Also

> attached is a patch for the accounting database, though that one is

> questionable.

I pushed the syslog bits along with a test as commit

d7113bb655ff80a868a9e624c913f9d23e6c63ad. (I think already

world-readable files will remain world-readable though?)

The main remaining issue here is log files created by

‘fork+exec-command’. We’ll have to address that in the Shepherd proper,

I think.

Ludo’.

Bengt Richter wrote on 7 Apr 2020 02:49

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20200407004958.GA8760@LionPure

Hi Ludo,

On +2020-04-07 00:07:14 +0200, Ludovic Courtès wrote:

Toggle quote (13 lines)> Hi,
> 
> Ludovic Courtès <ludo@gnu.org> skribis:
> 
> > In the meantime, the patch below fixes the syslogd problem.  Also
> > attached is a patch for the accounting database, though that one is
> > questionable.
> 
> I pushed the syslog bits along with a test as commit
> d7113bb655ff80a868a9e624c913f9d23e6c63ad.  (I think already
> world-readable files will remain world-readable though?)
>

Could build daemons do some kind of maintenance rebuild to chmod them?

And maybe be scheduled to monitor new files for other mistakes as well?

Meanwhile, could a superuser chmod them without affecting hashes?

(curious as to whether permission bits escape hashing).

Toggle quote (9 lines)

> The main remaining issue here is log files created by

> ‘fork+exec-command’. We’ll have to address that in the Shepherd proper,

> I think.

> Ludo’.

-- 
Regards,
Bengt Richter

Ludovic Courtès wrote on 7 Apr 2020 09:30

Recipients:(name . Bengt Richter)(address . bokr@bokr.com)

Message-ID:87zhbnbvmy.fsf@gnu.org

Hi,

Bengt Richter <bokr@bokr.com> skribis:

Toggle quote (17 lines)> On +2020-04-07 00:07:14 +0200, Ludovic Courtès wrote:
>> Hi,
>> 
>> Ludovic Courtès <ludo@gnu.org> skribis:
>> 
>> > In the meantime, the patch below fixes the syslogd problem.  Also
>> > attached is a patch for the accounting database, though that one is
>> > questionable.
>> 
>> I pushed the syslog bits along with a test as commit
>> d7113bb655ff80a868a9e624c913f9d23e6c63ad.  (I think already
>> world-readable files will remain world-readable though?)
>>
>
> Could build daemons do some kind of maintenance rebuild to chmod them?
> And maybe be scheduled to monitor new files for other mistakes as well?

Yes, we could do that, I just haven’t checked if this is necessary or

thought about how to do it.

Toggle quote (2 lines)

> Meanwhile, could a superuser chmod them without affecting hashes?

Definitely. (There’s no “hashing” involved for /var/log.)

Ludo’.

Diego Nicola Barbato wrote on 8 Apr 2020 14:32

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 40405@debbugs.gnu.org)

Message-ID:87pnciximi.fsf@GlaDOS.home

Hey,

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (15 lines)> Hi,
>
> Diego Nicola Barbato <dnbarbato@posteo.de> skribis:
>
>> On Guix System the log files (in /var/log) generated by syslogd are
>> currently (commit 151f3d4) world readable.  They should probably only be
>> readable by root (for the same reason that dmesg can only be run by
>> root).
>>
>> It isn't possible to set the umask with fork-exec-constructor, is it?
>> Otherwise that might have been a simple solution.
>
> That would be a nice solution to implement in the Shepherd.  If you feel
> like giving it a try, that would be great!

I've attached two patches for the Shepherd. The first one makes sure

that 'exec-command' creates log files with mode #o640 (I thought about

making it a parameter instead of hard coding it, but I doubt it would be

very useful). The second one makes it possible to set the umask with

'exec-command', 'fork+exec-command', and 'make-forkexec-constructor'. I

wasn't quite sure how to avoid a collision with the procedure umask

(would `((@ (guile) umask) umask)' have been ok?) so I named the

parameter file-creation-mask.

I haven't tested the changes. What would be a straight forward way to

do that on Guix? Looking at the documentation it doesn't seem possible

to swap out the shepherd package of the %shepherd-root-service with

'modify-services'.

[...]

Regards,

Diego

From 43c9ded791ce5b480504ce3528ee34578168f90e Mon Sep 17 00:00:00 2001
From: Diego Nicola Barbato <dnbarbato@posteo.de>
Date: Tue, 7 Apr 2020 13:58:28 +0200
Subject: [PATCH 1/2] service: Create log files as non-world-readable.

* modules/shepherd/service.scm (exec-command): Create log-file with file
  permissions #o640.
---
 modules/shepherd/service.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm
index fc82cc4..9a4a5d9 100644
--- a/modules/shepherd/service.scm
+++ b/modules/shepherd/service.scm
@@ -808,7 +808,7 @@ false."
              ;; Redirect stout and stderr to use LOG-FILE.
              (catch-system-error (close-fdes 1))
              (catch-system-error (close-fdes 2))
-             (dup2 (open-fdes log-file (logior O_CREAT O_WRONLY O_APPEND)) 1)
+             (dup2 (open-fdes log-file (logior O_CREAT O_WRONLY O_APPEND) #o640) 1)
              (dup2 1 2))
            (lambda (key . args)
              (format (current-error-port)
-- 
2.26.0

From e491436967a912e6e7372f582b3bf5c9784b8209 Mon Sep 17 00:00:00 2001
From: Diego Nicola Barbato <dnbarbato@posteo.de>
Date: Tue, 7 Apr 2020 13:38:47 +0200
Subject: [PATCH 2/2] service: Add #:file-creation-mask to
 'make-forkexec-constructor'.

* modules/shepherd/service.scm (exec-command): Add #:file-creation-mask
  parameter and honor it.
  (fork+exec-command): Add #:file-creation-mask parameter and pass it to
  exec-command.
  (make-forkexec-constructor): Add #:file-creation-mask parameter and pass it
  to fork+exec-command.
* doc/shepherd.texi (Service De- and Constructors): Adjust accordingly.
---
 doc/shepherd.texi            |  9 +++++++--
 modules/shepherd/service.scm | 22 ++++++++++++++++------
 2 files changed, 23 insertions(+), 8 deletions(-)

Toggle diff (114 lines)diff --git a/doc/shepherd.texi b/doc/shepherd.texi
index 3e61f5d..659eb82 100644
--- a/doc/shepherd.texi
+++ b/doc/shepherd.texi
@@ -896,10 +896,12 @@ execution of the @var{command} was successful, @code{#t} if not.
   [#:pid-file #f] [#:pid-file-timeout %pid-file-timeout] @
   [#:log-file #f] @
   [#:directory (default-service-directory)] @
+  [#:file-creation-mask #f] @
   [#:environment-variables (default-environment-variables)]
 Return a procedure that forks a child process, closes all file
 descriptors except the standard output and standard error descriptors, sets
-the current directory to @var{directory}, changes the environment to
+the current directory to @var{directory}, sets the umask to
+@var{file-creation-mask} unless it is @code{#f}, changes the environment to
 @var{environment-variables} (using the @code{environ} procedure), sets the
 current user to @var{user} and the current group to @var{group} unless they
 are @code{#f}, and executes @var{command} (a list of strings.)  The result of
@@ -935,13 +937,16 @@ procedures.
   [#:group #f] @
   [#:log-file #f] @
   [#:directory (default-service-directory)] @
+  [#:file-creation-mask #f] @
   [#:environment-variables (default-environment-variables)]
 @deffnx {procedure} fork+exec-command @var{command} @
   [#:user #f] @
   [#:group #f] @
   [#:directory (default-service-directory)] @
+  [#:file-creation-mask #f] @
   [#:environment-variables (default-environment-variables)]
-Run @var{command} as the current process from @var{directory}, and with
+Run @var{command} as the current process from @var{directory}, with
+@var{file-creation-mask} if it's true, and with
 @var{environment-variables} (a list of strings like @code{"PATH=/bin"}.)
 File descriptors 1 and 2 are kept as is or redirected to @var{log-file}
 if it's true, whereas file descriptor 0
diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm
index 9a4a5d9..d90b55b 100644
--- a/modules/shepherd/service.scm
+++ b/modules/shepherd/service.scm
@@ -771,12 +771,14 @@ daemon writing FILE is running in a separate PID namespace."
                        (group #f)
                        (log-file #f)
                        (directory (default-service-directory))
+                       (file-creation-mask #f)
                        (environment-variables (default-environment-variables)))
-  "Run COMMAND as the current process from DIRECTORY, and with
-ENVIRONMENT-VARIABLES (a list of strings like \"PATH=/bin\".)  File
-descriptors 1 and 2 are kept as is or redirected to LOG-FILE if it's true,
-whereas file descriptor 0 (standard input) points to /dev/null; all other file
-descriptors are closed prior to yielding control to COMMAND.
+  "Run COMMAND as the current process from DIRECTORY, with FILE-CREATION-MASK
+if it's true, and with ENVIRONMENT-VARIABLES (a list of strings like
+\"PATH=/bin\").  File descriptors 1 and 2 are kept as is or redirected to
+LOG-FILE if it's true, whereas file descriptor 0 (standard input) points to
+/dev/null; all other file descriptors are closed prior to yielding control to
+COMMAND.
 
 By default, COMMAND is run as the current user.  If the USER keyword
 argument is present and not false, change to USER immediately before
@@ -840,6 +842,9 @@ false."
            (print-exception (current-error-port) #f key args)
            (primitive-exit 1))))
 
+     (when file-creation-mask
+       (umask file-creation-mask))
+
      ;; As the last action, close file descriptors.  Doing it last makes
      ;; "error in the finalization thread: Bad file descriptor" issues
      ;; unlikely on 2.2.
@@ -871,6 +876,7 @@ false."
                             (group #f)
                             (log-file #f)
                             (directory (default-service-directory))
+                            (file-creation-mask #f)
                             (environment-variables
                              (default-environment-variables)))
   "Spawn a process that executed COMMAND as per 'exec-command', and return
@@ -886,6 +892,7 @@ its PID."
                       #:group group
                       #:log-file log-file
                       #:directory directory
+                      #:file-creation-mask file-creation-mask
                       #:environment-variables environment-variables)
         pid)))
 
@@ -903,7 +910,8 @@ its PID."
     (case-lambda*
      "Return a procedure that forks a child process, closes all file
 descriptors except the standard output and standard error descriptors, sets
-the current directory to @var{directory}, changes the environment to
+the current directory to @var{directory}, sets the umask to
+@var{file-creation-mask} unless it is @code{#f}, changes the environment to
 @var{environment-variables} (using the @code{environ} procedure), sets the
 current user to @var{user} and the current group to @var{group} unless they
 are @code{#f}, and executes @var{command} (a list of strings.)  The result of
@@ -918,6 +926,7 @@ start."
                (user #f)
                (group #f)
                (directory (default-service-directory))
+               (file-creation-mask #f)
                (environment-variables (default-environment-variables))
                (pid-file #f)
                (pid-file-timeout %pid-file-timeout)
@@ -944,6 +953,7 @@ start."
                                         #:group group
                                         #:log-file log-file
                                         #:directory directory
+                                        #:file-creation-mask file-creation-mask
                                         #:environment-variables
                                         environment-variables)))
             (if pid-file
-- 
2.26.0

Ludovic Courtès wrote on 8 Apr 2020 21:49

Recipients:(name . Diego Nicola Barbato)(address . dnbarbato@posteo.de)(address . 40405@debbugs.gnu.org)

Message-ID:877dyp69mz.fsf@gnu.org

Diego Nicola Barbato <dnbarbato@posteo.de> skribis:

Toggle quote (26 lines)> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Hi,
>>
>> Diego Nicola Barbato <dnbarbato@posteo.de> skribis:
>>
>>> On Guix System the log files (in /var/log) generated by syslogd are
>>> currently (commit 151f3d4) world readable.  They should probably only be
>>> readable by root (for the same reason that dmesg can only be run by
>>> root).
>>>
>>> It isn't possible to set the umask with fork-exec-constructor, is it?
>>> Otherwise that might have been a simple solution.
>>
>> That would be a nice solution to implement in the Shepherd.  If you feel
>> like giving it a try, that would be great!
>
> I've attached two patches for the Shepherd.  The first one makes sure
> that 'exec-command' creates log files with mode #o640 (I thought about
> making it a parameter instead of hard coding it, but I doubt it would be
> very useful).  The second one makes it possible to set the umask with
> 'exec-command', 'fork+exec-command', and 'make-forkexec-constructor'.  I
> wasn't quite sure how to avoid a collision with the procedure umask
> (would `((@ (guile) umask) umask)' have been ok?) so I named the
> parameter file-creation-mask.

Sounds good to me.

Toggle quote (5 lines)

> I haven't tested the changes. What would be a straight forward way to

> do that on Guix? Looking at the documentation it doesn't seem possible

> to swap out the shepherd package of the %shepherd-root-service with

> 'modify-services'.

Both patches LGTM, but you could add a couple of tests in the Shepherd

itself before testing it on Guix.

The tests/*.sh are simple shell scripts. You could perhaps create a new

one there, run shepherd with a toy service that uses #:log-file and

creates files, and then ensure that the log file is #o640 and that

#:file-creation-mask is honored.

Does that make sense?

Then, to test it on Guix, you can run “make dist” in the Shepherd and

change the ‘shepherd’ package so that its ‘source’ points to that

tarball. You run ‘guix system vm gnu/system/examples/bare-bones.tmpl’,

boot that, and ensure everything’s OK.

Thanks!

Ludo’.

Ludovic Courtès wrote on 19 Apr 2020 16:28

Recipients:(name . Diego Nicola Barbato)(address . dnbarbato@posteo.de)(address . 40405-done@debbugs.gnu.org)

Message-ID:87a73735yv.fsf@gnu.org

Hi Diego,

Diego Nicola Barbato <dnbarbato@posteo.de> skribis:

Toggle quote (8 lines)

>>From 43c9ded791ce5b480504ce3528ee34578168f90e Mon Sep 17 00:00:00 2001

> From: Diego Nicola Barbato <dnbarbato@posteo.de>

> Date: Tue, 7 Apr 2020 13:58:28 +0200

> Subject: [PATCH 1/2] service: Create log files as non-world-readable.

> * modules/shepherd/service.scm (exec-command): Create log-file with file

> permissions #o640.

[...]

Toggle quote (14 lines)>>From e491436967a912e6e7372f582b3bf5c9784b8209 Mon Sep 17 00:00:00 2001
> From: Diego Nicola Barbato <dnbarbato@posteo.de>
> Date: Tue, 7 Apr 2020 13:38:47 +0200
> Subject: [PATCH 2/2] service: Add #:file-creation-mask to
>  'make-forkexec-constructor'.
>
> * modules/shepherd/service.scm (exec-command): Add #:file-creation-mask
>   parameter and honor it.
>   (fork+exec-command): Add #:file-creation-mask parameter and pass it to
>   exec-command.
>   (make-forkexec-constructor): Add #:file-creation-mask parameter and pass it
>   to fork+exec-command.
> * doc/shepherd.texi (Service De- and Constructors): Adjust accordingly.

I went ahead and pushed these two patches.

We’ll need to test current Shepherd master on Guix, but I feel we’ve

accumulated enough improvements for a 0.7.1 release.

Thanks,

Ludo’.

Closed

Ludovic Courtès wrote on 22 Apr 2020 22:04

Recipients:(address . 40405-done@debbugs.gnu.org)(address . dnbarbato@posteo.de)

Message-ID:878sinthh4.fsf@gnu.org

Hi,

Ludovic Courtès <ludo@gnu.org> skribis:

Toggle quote (28 lines)> Diego Nicola Barbato <dnbarbato@posteo.de> skribis:
>
>>>From 43c9ded791ce5b480504ce3528ee34578168f90e Mon Sep 17 00:00:00 2001
>> From: Diego Nicola Barbato <dnbarbato@posteo.de>
>> Date: Tue, 7 Apr 2020 13:58:28 +0200
>> Subject: [PATCH 1/2] service: Create log files as non-world-readable.
>>
>> * modules/shepherd/service.scm (exec-command): Create log-file with file
>>   permissions #o640.
>
> [...]
>
>>>From e491436967a912e6e7372f582b3bf5c9784b8209 Mon Sep 17 00:00:00 2001
>> From: Diego Nicola Barbato <dnbarbato@posteo.de>
>> Date: Tue, 7 Apr 2020 13:38:47 +0200
>> Subject: [PATCH 2/2] service: Add #:file-creation-mask to
>>  'make-forkexec-constructor'.
>>
>> * modules/shepherd/service.scm (exec-command): Add #:file-creation-mask
>>   parameter and honor it.
>>   (fork+exec-command): Add #:file-creation-mask parameter and pass it to
>>   exec-command.
>>   (make-forkexec-constructor): Add #:file-creation-mask parameter and pass it
>>   to fork+exec-command.
>> * doc/shepherd.texi (Service De- and Constructors): Adjust accordingly.
>
> I went ahead and pushed these two patches.

These patches are in Shepherd 0.8.0, which was pushed in Guix master

commit e3358a831e7d5d9e8dc614340e49ea5aeb11a7ff, so we’re done!

Ludo’.

Closed

Diego Nicola Barbato wrote on 28 Apr 2020 15:11

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 40405-done@debbugs.gnu.org)

Message-ID:87y2qfhi0c.fsf@GlaDOS.home

Hi,

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (35 lines)> Hi,
>
> Ludovic Courtès <ludo@gnu.org> skribis:
>
>> Diego Nicola Barbato <dnbarbato@posteo.de> skribis:
>>
>>>>From 43c9ded791ce5b480504ce3528ee34578168f90e Mon Sep 17 00:00:00 2001
>>> From: Diego Nicola Barbato <dnbarbato@posteo.de>
>>> Date: Tue, 7 Apr 2020 13:58:28 +0200
>>> Subject: [PATCH 1/2] service: Create log files as non-world-readable.
>>>
>>> * modules/shepherd/service.scm (exec-command): Create log-file with file
>>>   permissions #o640.
>>
>> [...]
>>
>>>>From e491436967a912e6e7372f582b3bf5c9784b8209 Mon Sep 17 00:00:00 2001
>>> From: Diego Nicola Barbato <dnbarbato@posteo.de>
>>> Date: Tue, 7 Apr 2020 13:38:47 +0200
>>> Subject: [PATCH 2/2] service: Add #:file-creation-mask to
>>>  'make-forkexec-constructor'.
>>>
>>> * modules/shepherd/service.scm (exec-command): Add #:file-creation-mask
>>>   parameter and honor it.
>>>   (fork+exec-command): Add #:file-creation-mask parameter and pass it to
>>>   exec-command.
>>>   (make-forkexec-constructor): Add #:file-creation-mask parameter and pass it
>>>   to fork+exec-command.
>>> * doc/shepherd.texi (Service De- and Constructors): Adjust accordingly.
>>
>> I went ahead and pushed these two patches.
>
> These patches are in Shepherd 0.8.0, which was pushed in Guix master
> commit e3358a831e7d5d9e8dc614340e49ea5aeb11a7ff, so we’re done!

Great! Now we can simplify the 'start' method of

'syslogd-service-type'.

I did eventually write a test script, which I've attached in case we

want to add it to the Shepherd. I'm sorry it took so long that I missed

the new Shepherd release.

Regards,

Diego

From 2e7a0795b3a7080376238ab604c50d2c180f8730 Mon Sep 17 00:00:00 2001
From: Diego Nicola Barbato <dnbarbato@posteo.de>
Date: Mon, 27 Apr 2020 16:57:36 +0200
Subject: [PATCH] tests: Test #:file-creation-mask option of
 'make-forkexec-constructor'.

* tests/file-creation-mask.sh: New file.
---
 tests/file-creation-mask.sh | 79 +++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 tests/file-creation-mask.sh

Toggle diff (87 lines)diff --git a/tests/file-creation-mask.sh b/tests/file-creation-mask.sh
new file mode 100644
index 0000000..9f5f10a
--- /dev/null
+++ b/tests/file-creation-mask.sh
@@ -0,0 +1,79 @@
+# GNU Shepherd --- Test the #:file-creation-mask option of 'make-forkexec-constructor'.
+# Copyright © 2020 Diego N. Barbato <dnbarbato@posteo.de>
+#
+# This file is part of the GNU Shepherd.
+#
+# The GNU Shepherd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# The GNU Shepherd is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with the GNU Shepherd.  If not, see <http://www.gnu.org/licenses/>.
+
+shepherd --version
+herd --version
+
+socket="t-socket-$$"
+conf="t-conf-$$"
+log="t-log-$$"
+pid="t-pid-$$"
+service_log="t-service-log-$$"
+service_new_file="t-service-new-file-$$"
+
+herd="herd -s $socket"
+
+trap "cat $log || true;
+      rm -f $socket $conf $log $service_log $service_new_file;
+      test -f $pid && kill \`cat $pid\` || true; rm -f $pid" EXIT
+
+function wait_for_file
+{
+    i=0
+    while ! test -f "$1" && test $i -lt 20
+    do
+	sleep 0.3
+	i=`expr $i + 1`
+    done
+    test -f "$1"
+}
+
+cat > "$conf"<<EOF
+(define %command
+  '("$SHELL" "-c" "touch $PWD/$service_new_file; echo foo"))
+
+(register-services
+ (make <service>
+   #:provides '(test)
+   #:start (make-forkexec-constructor %command
+                                      #:log-file "$PWD/$service_log"
+                                      ;; Set the umask such that file
+                                      ;; permissions are #o600.
+                                      #:file-creation-mask #o177)
+   #:stop (make-kill-destructor)
+   #:respawn? #f))
+EOF
+
+rm -f "$pid"
+shepherd -I -s "$socket" -c "$conf" -l "$log" --pid="$pid" &
+
+# Wait till it's ready.
+wait_for_file "$pid"
+
+# Start the service.
+$herd start test
+
+# Make sure the log file is created with the right permissions independently
+# of the value of #:file-creation-mask.
+wait_for_file "$service_log"
+test `stat -c %a "$service_log"` -eq 640
+
+# Make sure the service creates files with the right permissions as determined
+# by the value of #:file-creation-mask.
+wait_for_file "$service_new_file"
+test `stat -c %a "$service_new_file"` -eq 600
-- 
2.26.0

Closed

Ludovic Courtès wrote on 28 Apr 2020 22:57

Recipients:(name . Diego Nicola Barbato)(address . dnbarbato@posteo.de)(address . 40405-done@debbugs.gnu.org)

Message-ID:87h7x3tjjx.fsf@gnu.org

Hello,

Diego Nicola Barbato <dnbarbato@posteo.de> skribis:

Toggle quote (3 lines)

> Great! Now we can simplify the 'start' method of

> 'syslogd-service-type'.

Oh right, do you want to take care of it?

Toggle quote (4 lines)

> I did eventually write a test script, which I've attached in case we

> want to add it to the Shepherd. I'm sorry it took so long that I missed

> the new Shepherd release.

No problem. I figured it was okay to add it without a test, but having

a test is always better so I’ve happily pushed your patch. Thank you!

Ludo’.

Closed

Diego Nicola Barbato wrote on 29 Apr 2020 12:02

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 40405@debbugs.gnu.org)

Message-ID:87d07qhaoy.fsf@GlaDOS.home

Hi,

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (9 lines)

> Hello,

> Diego Nicola Barbato <dnbarbato@posteo.de> skribis:

>> Great! Now we can simplify the 'start' method of

>> 'syslogd-service-type'.

> Oh right, do you want to take care of it?

I already did: https://debbugs.gnu.org/40937

[...]

Regards,

Diego

Your comment

This issue is archived.

To comment on this conversation send email to 40405@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date