[arch-projects] [netctl][PATCH] Escape hatch for the restrictive umask

Jouke Witteveen j.witteveen at gmail.com
Tue May 27 06:11:49 EDT 2014


Some things should not be run with the restrictive umask.
This provides a means to run them with a permissive umask: do_readable.
---
The do_readable function feels clumsy, but I couldn't think of a better way.

 src/lib/dhcp/dhclient |  4 +---
 src/lib/dhcp/dhcpcd   |  4 +---
 src/lib/globals       | 16 ++++++++++++++--
 src/lib/ip            |  2 +-
 src/netctl.in         |  2 +-
 5 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/src/lib/dhcp/dhclient b/src/lib/dhcp/dhclient
index 5dc637c..06b1222 100644
--- a/src/lib/dhcp/dhclient
+++ b/src/lib/dhcp/dhclient
@@ -8,12 +8,10 @@ dhclient_start() {
       *) return 1;;
     esac
     [[ $2 == "noaddr" ]] && options+=" -S"
-    rm -f "$pidfile"
-    if ! do_debug dhclient -$1 -q -e "TIMEOUT=${TimeoutDHCP:-30}" -pf "$pidfile" $options "$Interface"; then
+    if ! do_readable do_debug dhclient -$1 -q -e "TIMEOUT=${TimeoutDHCP:-30}" -pf "$pidfile" $options "$Interface"; then
         report_error "DHCP IPv$1 lease attempt failed on interface '$Interface'"
         return 1
     fi
-    chmod 644 "$pidfile"
 }
 
 dhclient_stop() {
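Review bot: Wrapping the whole `dhclient` invocation in `do_readable` relaxes the umask for the daemon itself, not just for the pid file that the removed `chmod 644 "$pidfile"` made readable. The client inherits 022 for its lifetime, so lease files and anything its hook scripts create would presumably become world-readable as well; the same widening applies to `dhcpcd` in src/lib/dhcp/dhcpcd and to `unit_$1` in src/netctl.in, where the entire function body now runs under 022. If only specific files need to be readable, keeping the restrictive umask and fixing their mode explicitly is the narrower option; otherwise a comment such as `# daemon inherits umask 022: pid and lease files are world-readable by design` would record the decision. dhclient_start begins above this hunk.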
diff --git a/src/lib/dhcp/dhcpcd b/src/lib/dhcp/dhcpcd
index c729c08..c655d9a 100644
--- a/src/lib/dhcp/dhcpcd
+++ b/src/lib/dhcp/dhcpcd
@@ -5,16 +5,14 @@ dhcpcd_start() {
         report_error "Using 'dhcpcd' for IPv6 is currently not possible in netctl"
         return 1
     fi
-    rm -f "/run/dhcpcd-$Interface".{pid,cache}
     # If using own dns, tell dhcpcd to NOT replace resolv.conf
     [[ $DNS ]] && DhcpcdOptions+=" -C resolv.conf"
-    do_debug dhcpcd -4qL -t "${TimeoutDHCP:-30}" $DhcpcdOptions "$Interface" |& report_debug "$(cat)"
+    do_readable do_debug dhcpcd -4qL -t "${TimeoutDHCP:-30}" $DhcpcdOptions "$Interface" |& report_debug "$(cat)"
     # The first array value of PIPESTATUS is the exit status of dhcpcd
     if (( PIPESTATUS != 0 )); then
         report_error "DHCP IP lease attempt failed on interface '$Interface'"
         return 1
     fi
-    chmod 644 "/run/dhcpcd-$Interface.pid"
 }
 
 dhcpcd_stop() {
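Review bot: Dropping `rm -f "/run/dhcpcd-$Interface".{pid,cache}` removes the cache-file cleanup along with the pid-file handling, while the commit message only talks about the umask. A pid or cache file left behind by an earlier run under umask 077 may keep its 0600 mode if dhcpcd rewrites it in place rather than recreating it, and a stale cache would now survive a restart; the same applies to the removed `rm -f "$pidfile"` in dhclient_start. Either keep the `rm -f` line before the `do_readable` call or state in the commit message why the cleanup is no longer needed. dhcpcd_start begins above this hunk.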
diff --git a/src/lib/globals b/src/lib/globals
index cf99575..42ac177 100644
--- a/src/lib/globals
+++ b/src/lib/globals
@@ -4,8 +4,6 @@ SUBR_DIR="/usr/lib/network"
 STATE_DIR="/run/network"
 STATE_FILE="${NETCTL_STATE_FILE:-/var/lib/netctl/netctl.state}"
 
-umask 077
-
 
 ### Logging/Error reporting
 
@@ -72,6 +70,16 @@ do_debug() {
     "$@"
 }
 
+## Evaluate with a permissive umask
+do_readable() {
+    local result
+    umask 022
+    "$@"
+    result=$?
+    umask 077
+    return $result
+}
+
 ## Exit if we are not effectively root
 # $1: program name (optional)
 ensure_root() {
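Review bot: `do_readable` restores the umask with a hard-coded `umask 077` instead of the value that was in effect on entry, so it silently changes the caller's umask and a nested call would leave the rest of the outer command running under 077. Saving and restoring is a small change: `local result saved_umask`, `saved_umask=$(umask)` before `umask 022`, and `umask "$saved_umask"` in place of `umask 077`. The `do_readable :` call at the end of this file depends on the current side effect and would then need to become a plain `umask 077`. The header comment should also say what the arguments are and what is returned, e.g. `# $@: command to run; returns its exit status`.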
@@ -126,4 +134,8 @@ load_profile() {
 }
 
 
+# Set a restrictive umask
+do_readable :
+
+
 # vim: ft=sh ts=4 et sw=4:
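Review bot: `do_readable :` sets the restrictive umask only as a side effect of the helper's restore step, which is easy to break when `do_readable` is next touched and hard to spot in a security review. A direct `umask 077` states the intent. Moving the setting from the top of globals to the bottom also means any code that runs while the file is being sourced sees the inherited umask; the visible hunks only define functions, so this looks harmless, but a plain `umask 077` could stay near the top because it does not depend on `do_readable` being defined.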
diff --git a/src/lib/ip b/src/lib/ip
index e737fc5..66aab56 100644
--- a/src/lib/ip
+++ b/src/lib/ip
@@ -27,7 +27,7 @@ dhcp_call() {
 resolvconf_add() {
     local interface="$1"
     shift
-    printf "%s\n" "$@" | resolvconf -a "$interface"
+    printf "%s\n" "$@" | do_readable resolvconf -a "$interface"
 }
 
 
diff --git a/src/netctl.in b/src/netctl.in
index 90be39e..9bbd013 100644
--- a/src/netctl.in
+++ b/src/netctl.in
@@ -168,7 +168,7 @@ case $# in
         switch_to "$2";;
       enable|disable)
         ensure_root "$(basename "$0")"
-        "unit_$1" "$2"
+        do_readable "unit_$1" "$2"
         if sd_booted; then
             systemctl daemon-reload
         fi;;
-- 
1.9.3


