From 36ad6b8dd2a8effba70fccbaf1d580a75a167e6d Mon Sep 17 00:00:00 2001
From: Radovan Sroka <rsroka@redhat.com>
Date: Wed, 13 Mar 2019 20:57:37 +0100
Subject: [PATCH 08/11] Change fifo mode to 0660 (#26)
- fapolicyd-cli requires fapolicyd.fifo to have 0660 permissions
---
src/database.c | 9 +++++++--
src/fapolicyd-cli.c | 32 ++++++++++++++++++++++++++++++++
2 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/src/database.c b/src/database.c
index 64a9fda..52deda4 100644
--- a/src/database.c
+++ b/src/database.c
@@ -738,8 +738,13 @@ static void *update_thread_main(void *arg)
/* Make sure that there is no such file/fifo */
unlink(fifo_path);
- if ((rc = mkfifo(fifo_path, 0600)) != 0) {
- msg(LOG_ERR, "Failed to create a pipe %s (%s)", fifo_path, strerror_r(errno, err_buff, BUFFER_SIZE));
+
+ mode_t old_mask = umask(0);
+ rc = mkfifo(fifo_path, 0660);
+ (void) umask(old_mask);
+
+ if (rc != 0) {
+ msg(LOG_ERR, "Failed to create a pipe %s (%s)", fifo_path, strerror_r(errno, err_buff, BUFFER_SIZE));
return NULL;
}
diff --git a/src/fapolicyd-cli.c b/src/fapolicyd-cli.c
index 06e7464..529b63b 100644
--- a/src/fapolicyd-cli.c
+++ b/src/fapolicyd-cli.c
@@ -76,6 +76,38 @@ int main(int argc, char const *argv[])
close(fd);
return 1;
}
+ // we will require pipe to have 0660 permissions
+ if (!(
+ (s.st_mode & S_IRUSR) &&
+ (s.st_mode & S_IWUSR) &&
+ !(s.st_mode & S_IXUSR) &&
+
+ (s.st_mode & S_IRGRP) &&
+ (s.st_mode & S_IWGRP) &&
+ !(s.st_mode & S_IXGRP) &&
+
+ !(s.st_mode & S_IROTH) &&
+ !(s.st_mode & S_IWOTH) &&
+ !(s.st_mode & S_IXOTH)
+ )) {
+ fprintf(stderr, "File: %s has 0%d%d%d instead of 0660 \n"
+ , _pipe
+ ,
+ ((s.st_mode & S_IRUSR) ? 4 : 0) +
+ ((s.st_mode & S_IWUSR) ? 2 : 0) +
+ ((s.st_mode & S_IXUSR) ? 1 : 0)
+ ,
+ ((s.st_mode & S_IRGRP) ? 4 : 0) +
+ ((s.st_mode & S_IWGRP) ? 2 : 0) +
+ ((s.st_mode & S_IXGRP) ? 1 : 0)
+ ,
+ ((s.st_mode & S_IROTH) ? 4 : 0) +
+ ((s.st_mode & S_IWOTH) ? 2 : 0) +
+ ((s.st_mode & S_IXOTH) ? 1 : 0)
+ );
+ close(fd);
+ return 1;
+ }
}
ssize_t ret = write(fd, "1", 2);
--
2.20.1