authorJouke Witteveen <j.witteveen@gmail.com>2014-05-27 12:05:12 +0200
committerJouke Witteveen <j.witteveen@gmail.com>2014-06-17 12:59:41 +0200
commit105fba4593f02fccb85909ea3bc30ed8c426908d (patch)
treee3c6358a30dd68bd798f8b84571ab8a6f00526f5
parent223942f36b1a071bcca39d1e0adb615f9440db1f (diff)
downloadnetctl-105fba4593f02fccb85909ea3bc30ed8c426908d.tar.gz
netctl-105fba4593f02fccb85909ea3bc30ed8c426908d.tar.xz
Escape hatch for the restrictive umask
Some things should not be run with the restrictive umask. This provides a means to do so: do_readable.
-rw-r--r--src/lib/dhcp/dhclient4
-rw-r--r--src/lib/dhcp/dhcpcd4
-rw-r--r--src/lib/globals16
-rw-r--r--src/lib/ip2
-rw-r--r--src/netctl.in1
5 files changed, 18 insertions, 9 deletions
diff --git a/src/lib/dhcp/dhclient b/src/lib/dhcp/dhclient
index 5dc637c..0970aee 100644
--- a/src/lib/dhcp/dhclient
+++ b/src/lib/dhcp/dhclient
@@ -8,12 +8,10 @@ dhclient_start() {
*) return 1;;
esac
[[ $2 == "noaddr" ]] && options+=" -S"
- rm -f "$pidfile"
- if ! do_debug dhclient -$1 -q -e "TIMEOUT=${TimeoutDHCP:-30}" -pf "$pidfile" $options "$Interface"; then
+ if ! do_debug do_readable dhclient -$1 -q -e "TIMEOUT=${TimeoutDHCP:-30}" -pf "$pidfile" $options "$Interface"; then
report_error "DHCP IPv$1 lease attempt failed on interface '$Interface'"
return 1
fi
- chmod 644 "$pidfile"
}
dhclient_stop() {
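Review bot: With `rm -f "$pidfile"` and `chmod 644 "$pidfile"` both dropped in dhclient_start, the pidfile's mode now depends entirely on dhclient creating the file afresh under the 022 umask. If dhclient truncates an existing file rather than recreating it, a pidfile left with mode 0600 by an earlier run keeps that mode; keeping `rm -f "$pidfile"` before the call would avoid this. The daemon also inherits umask 022 for its whole lifetime, so everything it or its hook scripts create is affected, not only the pidfile. The same applies to the dhcpcd_start hunk in src/lib/dhcp/dhcpcd, where `rm -f "/run/dhcpcd-$Interface".{pid,cache}` is removed. dhclient_start begins outside this hunk.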
diff --git a/src/lib/dhcp/dhcpcd b/src/lib/dhcp/dhcpcd
index c729c08..5107819 100644
--- a/src/lib/dhcp/dhcpcd
+++ b/src/lib/dhcp/dhcpcd
@@ -5,16 +5,14 @@ dhcpcd_start() {
report_error "Using 'dhcpcd' for IPv6 is currently not possible in netctl"
return 1
fi
- rm -f "/run/dhcpcd-$Interface".{pid,cache}
# If using own dns, tell dhcpcd to NOT replace resolv.conf
[[ $DNS ]] && DhcpcdOptions+=" -C resolv.conf"
- do_debug dhcpcd -4qL -t "${TimeoutDHCP:-30}" $DhcpcdOptions "$Interface" |& report_debug "$(cat)"
+ do_debug do_readable dhcpcd -4qL -t "${TimeoutDHCP:-30}" $DhcpcdOptions "$Interface" |& report_debug "$(cat)"
# The first array value of PIPESTATUS is the exit status of dhcpcd
if (( PIPESTATUS != 0 )); then
report_error "DHCP IP lease attempt failed on interface '$Interface'"
return 1
fi
- chmod 644 "/run/dhcpcd-$Interface.pid"
}
dhcpcd_stop() {
diff --git a/src/lib/globals b/src/lib/globals
index cf99575..42ac177 100644
--- a/src/lib/globals
+++ b/src/lib/globals
@@ -4,8 +4,6 @@ SUBR_DIR="/usr/lib/network"
STATE_DIR="/run/network"
STATE_FILE="${NETCTL_STATE_FILE:-/var/lib/netctl/netctl.state}"
-umask 077
-
### Logging/Error reporting
@@ -72,6 +70,16 @@ do_debug() {
"$@"
}
+## Evaluate with a permissive umask
+do_readable() {
+ local result
+ umask 022
+ "$@"
+ result=$?
+ umask 077
+ return $result
+}
+
## Exit if we are not effectively root
# $1: program name (optional)
ensure_root() {
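Review bot: do_readable restores a hard-coded `umask 077` instead of the umask that was in effect when it was called, so it silently changes the caller's umask whenever that was anything else. Saving and restoring it is a two-line change: `local result previous=$(umask)` at the top and `umask "$previous"` after the command. The header comment should also say that the wider umask applies to the whole shell process while the command runs and that the command's exit status is returned. The `do_readable :` line at the end of this file relies on the hard-coded restore and would then have to become a plain `umask 077`.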
@@ -126,4 +134,8 @@ load_profile() {
}
+# Set a restrictive umask
+do_readable :
+
+
# vim: ft=sh ts=4 et sw=4:
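Review bot: `do_readable :` sets the restrictive umask only as a side effect of the function's cleanup, which a reader has to open do_readable to discover; a plain `umask 077` here says what is meant and keeps working if do_readable is later changed to restore the caller's umask. The setting also moved from the top of the file to its end, so anything executed while this file is sourced before this point runs under the inherited umask. The visible hunks show only function definitions in between, but that is worth confirming for the parts of the file not shown.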
diff --git a/src/lib/ip b/src/lib/ip
index e737fc5..66aab56 100644
--- a/src/lib/ip
+++ b/src/lib/ip
@@ -27,7 +27,7 @@ dhcp_call() {
resolvconf_add() {
local interface="$1"
shift
- printf "%s\n" "$@" | resolvconf -a "$interface"
+ printf "%s\n" "$@" | do_readable resolvconf -a "$interface"
}
diff --git a/src/netctl.in b/src/netctl.in
index 90be39e..b66cf71 100644
--- a/src/netctl.in
+++ b/src/netctl.in
@@ -109,6 +109,7 @@ unit_enable() {
return 1
fi
load_profile "$1"
+ do_readable touch "$unit"
echo ".include @systemdsystemunitdir@/netctl@.service" > "$unit"
echo -e "\n[Unit]" >> "$unit"
[[ -n $Description ]] && echo "Description=$Description" >> "$unit"
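Review bot: `do_readable touch "$unit"` only yields a world-readable unit when the file does not exist yet, since touch leaves the mode of an existing file unchanged and the `echo ... > "$unit"` that follows truncates rather than recreates it. The lines before the hunk may already reject an existing unit, but they are outside the visible context. Setting the mode explicitly, for example `install -m 644 /dev/null "$unit"`, removes the dependence on the umask and on prior state, and its exit status should be checked before the writes. unit_enable starts and ends outside this hunk.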