daemon: Set the umask to 022 when starting.
* nix/nix-daemon/guix-daemon.cc (main): Add 'umask' call. * test-env.in: Remove use of 'umask'.
This commit is contained in:
parent
66fb2d23a3
commit
b49632e793
|
@ -29,6 +29,7 @@
|
|||
#include <argp.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <exception>
|
||||
|
||||
/* Variables used by `nix-daemon.cc'. */
|
||||
|
@ -194,6 +195,11 @@ main (int argc, char *argv[])
|
|||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
/* Set the umask so that the daemon does not end up creating group-writable
|
||||
files, which would lead to "suspicious ownership or permission" errors.
|
||||
See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>. */
|
||||
umask (S_IWGRP | S_IWOTH);
|
||||
|
||||
#ifdef HAVE_CHROOT
|
||||
settings.useChroot = true;
|
||||
#else
|
||||
|
|
|
@ -56,10 +56,6 @@ then
|
|||
# Do that because store.scm calls `canonicalize-path' on it.
|
||||
mkdir -p "$NIX_STORE_DIR"
|
||||
|
||||
# Set the umask to avoid "suspicious ownership or permission" errors.
|
||||
# See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>.
|
||||
umask 0022
|
||||
|
||||
# Launch the daemon without chroot support because is may be
|
||||
# unavailable, for instance if we're not running as root.
|
||||
"@abs_top_builddir@/pre-inst-env" \
|
||||
|
|
Loading…
Reference in New Issue