From 426b94bd696933a72d8623fa1325b3562096957d Mon Sep 17 00:00:00 2001
From: "Robin H. Johnson" <robbat2@gentoo.org>
Date: Mon, 23 Jan 2012 10:26:58 +0000
Subject: Per the systemd tmpfiles implementation, we need to watch out for
 umask during initial creation of files as well as potentially changing
 permissions later. Also do not abort if the items exist already, per truncate
 rules in tmpfiles.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
---
 src/rc/checkpath.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c
index 86623d9..b0914f3 100644
--- a/src/rc/checkpath.c
+++ b/src/rc/checkpath.c
@@ -55,11 +55,17 @@ typedef enum {
 
 extern const char *applet;
 
+/* TODO: SELinux
+ * This needs a LOT of SELinux loving
+ * See systemd's src/label.c:label_mkdir
+ */
 static int
 do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bool trunc)
 {
 	struct stat st;
 	int fd, flags;
+	int r;
+	int u;
 
 	if (stat(path, &st) || trunc) {
 		if (type == inode_file) {
@@ -75,7 +81,10 @@ do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bool trunc
 #endif
 			if (trunc)
 				flags |= O_TRUNC;
-			if ((fd = open(path, flags, mode)) == -1) {
+			u = umask(0);
+			fd = open(path, flags, mode);
+			umask(u);
+			if (fd == -1) {
 				eerror("%s: open: %s", applet, strerror(errno));
 				return -1;
 			}
@@ -84,7 +93,11 @@ do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bool trunc
 			einfo("%s: creating directory", path);
 			if (!mode) /* 775 */
 				mode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
-			if (mkdir(path, mode) == -1) {
+			u = umask(0);
+			/* We do not recursively create parents */
+			r = mkdir(path, mode);
+			umask(u);
+			if (r == -1 && errno != EEXIST) {
 				eerror("%s: mkdir: %s", applet,
 				    strerror (errno));
 				return -1;
@@ -94,7 +107,10 @@ do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bool trunc
 			einfo("%s: creating fifo", path);
 			if (!mode) /* 600 */
 				mode = S_IRUSR | S_IWUSR;
-			if (mkfifo(path, mode) == -1) {
+			u = umask(0);
+			r = mkfifo(path, mode);
+			umask(u);
+			if (r == -1 && errno != EEXIST) {
 				eerror("%s: mkfifo: %s", applet,
 				    strerror (errno));
 				return -1;
-- 
cgit v1.2.3