|
 |
2bb5192 |
From 36ad6b8dd2a8effba70fccbaf1d580a75a167e6d Mon Sep 17 00:00:00 2001
|
|
|
2bb5192 |
From: Radovan Sroka <rsroka@redhat.com>
|
|
|
2bb5192 |
Date: Wed, 13 Mar 2019 20:57:37 +0100
|
|
|
2bb5192 |
Subject: [PATCH 08/11] Change fifo mode to 0660 (#26)
|
|
|
2bb5192 |
|
|
|
2bb5192 |
- fapolicyd-cli requires fapolicyd.fifo to have 0660 permissions
|
|
|
2bb5192 |
---
|
|
|
2bb5192 |
src/database.c | 9 +++++++--
|
|
|
2bb5192 |
src/fapolicyd-cli.c | 32 ++++++++++++++++++++++++++++++++
|
|
|
2bb5192 |
2 files changed, 39 insertions(+), 2 deletions(-)
|
|
|
2bb5192 |
|
|
|
2bb5192 |
diff --git a/src/database.c b/src/database.c
|
|
|
2bb5192 |
index 64a9fda..52deda4 100644
|
|
|
2bb5192 |
--- a/src/database.c
|
|
|
2bb5192 |
+++ b/src/database.c
|
|
|
2bb5192 |
@@ -738,8 +738,13 @@ static void *update_thread_main(void *arg)
|
|
|
2bb5192 |
|
|
|
2bb5192 |
/* Make sure that there is no such file/fifo */
|
|
|
2bb5192 |
unlink(fifo_path);
|
|
|
2bb5192 |
- if ((rc = mkfifo(fifo_path, 0600)) != 0) {
|
|
|
2bb5192 |
- msg(LOG_ERR, "Failed to create a pipe %s (%s)", fifo_path, strerror_r(errno, err_buff, BUFFER_SIZE));
|
|
|
2bb5192 |
+
|
|
|
2bb5192 |
+ mode_t old_mask = umask(0);
|
|
|
2bb5192 |
+ rc = mkfifo(fifo_path, 0660);
|
|
|
2bb5192 |
+ (void) umask(old_mask);
|
|
|
2bb5192 |
+
|
|
|
2bb5192 |
+ if (rc != 0) {
|
|
|
2bb5192 |
+ msg(LOG_ERR, "Failed to create a pipe %s (%s)", fifo_path, strerror_r(errno, err_buff, BUFFER_SIZE));
|
|
|
2bb5192 |
return NULL;
|
|
|
2bb5192 |
}
|
|
|
2bb5192 |
|
|
|
2bb5192 |
diff --git a/src/fapolicyd-cli.c b/src/fapolicyd-cli.c
|
|
|
2bb5192 |
index 06e7464..529b63b 100644
|
|
|
2bb5192 |
--- a/src/fapolicyd-cli.c
|
|
|
2bb5192 |
+++ b/src/fapolicyd-cli.c
|
|
|
2bb5192 |
@@ -76,6 +76,38 @@ int main(int argc, char const *argv[])
|
|
|
2bb5192 |
close(fd);
|
|
|
2bb5192 |
return 1;
|
|
|
2bb5192 |
}
|
|
|
2bb5192 |
+ // we will require pipe to have 0660 permissions
|
|
|
2bb5192 |
+ if (!(
|
|
|
2bb5192 |
+ (s.st_mode & S_IRUSR) &&
|
|
|
2bb5192 |
+ (s.st_mode & S_IWUSR) &&
|
|
|
2bb5192 |
+ !(s.st_mode & S_IXUSR) &&
|
|
|
2bb5192 |
+
|
|
|
2bb5192 |
+ (s.st_mode & S_IRGRP) &&
|
|
|
2bb5192 |
+ (s.st_mode & S_IWGRP) &&
|
|
|
2bb5192 |
+ !(s.st_mode & S_IXGRP) &&
|
|
|
2bb5192 |
+
|
|
|
2bb5192 |
+ !(s.st_mode & S_IROTH) &&
|
|
|
2bb5192 |
+ !(s.st_mode & S_IWOTH) &&
|
|
|
2bb5192 |
+ !(s.st_mode & S_IXOTH)
|
|
|
2bb5192 |
+ )) {
|
|
|
2bb5192 |
+ fprintf(stderr, "File: %s has 0%d%d%d instead of 0660 \n"
|
|
|
2bb5192 |
+ , _pipe
|
|
|
2bb5192 |
+ ,
|
|
|
2bb5192 |
+ ((s.st_mode & S_IRUSR) ? 4 : 0) +
|
|
|
2bb5192 |
+ ((s.st_mode & S_IWUSR) ? 2 : 0) +
|
|
|
2bb5192 |
+ ((s.st_mode & S_IXUSR) ? 1 : 0)
|
|
|
2bb5192 |
+ ,
|
|
|
2bb5192 |
+ ((s.st_mode & S_IRGRP) ? 4 : 0) +
|
|
|
2bb5192 |
+ ((s.st_mode & S_IWGRP) ? 2 : 0) +
|
|
|
2bb5192 |
+ ((s.st_mode & S_IXGRP) ? 1 : 0)
|
|
|
2bb5192 |
+ ,
|
|
|
2bb5192 |
+ ((s.st_mode & S_IROTH) ? 4 : 0) +
|
|
|
2bb5192 |
+ ((s.st_mode & S_IWOTH) ? 2 : 0) +
|
|
|
2bb5192 |
+ ((s.st_mode & S_IXOTH) ? 1 : 0)
|
|
|
2bb5192 |
+ );
|
|
|
2bb5192 |
+ close(fd);
|
|
|
2bb5192 |
+ return 1;
|
|
|
2bb5192 |
+ }
|
|
|
2bb5192 |
}
|
|
|
2bb5192 |
|
|
|
2bb5192 |
ssize_t ret = write(fd, "1", 2);
|
|
|
2bb5192 |
--
|
|
|
2bb5192 |
2.20.1
|
|
|
2bb5192 |
|