diff options
| author | Jouke Witteveen <j.witteveen@gmail.com> | 2014-05-27 12:05:12 +0200 |
|---|---|---|
| committer | Jouke Witteveen <j.witteveen@gmail.com> | 2014-06-17 12:59:41 +0200 |
| commit | 105fba4593f02fccb85909ea3bc30ed8c426908d (patch) | |
| tree | e3c6358a30dd68bd798f8b84571ab8a6f00526f5 | |
| parent | 223942f36b1a071bcca39d1e0adb615f9440db1f (diff) | |
| download | netctl-105fba4593f02fccb85909ea3bc30ed8c426908d.tar.gz netctl-105fba4593f02fccb85909ea3bc30ed8c426908d.tar.xz | |
Escape hatch for the restrictive umask
Some things should not be run with the restrictive umask.
This provides a means to do so: do_readable.
| -rw-r--r-- | src/lib/dhcp/dhclient | 4 | ||||
| -rw-r--r-- | src/lib/dhcp/dhcpcd | 4 | ||||
| -rw-r--r-- | src/lib/globals | 16 | ||||
| -rw-r--r-- | src/lib/ip | 2 | ||||
| -rw-r--r-- | src/netctl.in | 1 |
5 files changed, 18 insertions, 9 deletions
diff --git a/src/lib/dhcp/dhclient b/src/lib/dhcp/dhclient index 5dc637c..0970aee 100644 --- a/src/lib/dhcp/dhclient +++ b/src/lib/dhcp/dhclient @@ -8,12 +8,10 @@ dhclient_start() { *) return 1;; esac [[ $2 == "noaddr" ]] && options+=" -S" - rm -f "$pidfile" - if ! do_debug dhclient -$1 -q -e "TIMEOUT=${TimeoutDHCP:-30}" -pf "$pidfile" $options "$Interface"; then + if ! do_debug do_readable dhclient -$1 -q -e "TIMEOUT=${TimeoutDHCP:-30}" -pf "$pidfile" $options "$Interface"; then report_error "DHCP IPv$1 lease attempt failed on interface '$Interface'" return 1 fi - chmod 644 "$pidfile" } dhclient_stop() { diff --git a/src/lib/dhcp/dhcpcd b/src/lib/dhcp/dhcpcd index c729c08..5107819 100644 --- a/src/lib/dhcp/dhcpcd +++ b/src/lib/dhcp/dhcpcd @@ -5,16 +5,14 @@ dhcpcd_start() { report_error "Using 'dhcpcd' for IPv6 is currently not possible in netctl" return 1 fi - rm -f "/run/dhcpcd-$Interface".{pid,cache} # If using own dns, tell dhcpcd to NOT replace resolv.conf [[ $DNS ]] && DhcpcdOptions+=" -C resolv.conf" - do_debug dhcpcd -4qL -t "${TimeoutDHCP:-30}" $DhcpcdOptions "$Interface" |& report_debug "$(cat)" + do_debug do_readable dhcpcd -4qL -t "${TimeoutDHCP:-30}" $DhcpcdOptions "$Interface" |& report_debug "$(cat)" # The first array value of PIPESTATUS is the exit status of dhcpcd if (( PIPESTATUS != 0 )); then report_error "DHCP IP lease attempt failed on interface '$Interface'" return 1 fi - chmod 644 "/run/dhcpcd-$Interface.pid" } dhcpcd_stop() { diff --git a/src/lib/globals b/src/lib/globals index cf99575..42ac177 100644 --- a/src/lib/globals +++ b/src/lib/globals @@ -4,8 +4,6 @@ SUBR_DIR="/usr/lib/network" STATE_DIR="/run/network" STATE_FILE="${NETCTL_STATE_FILE:-/var/lib/netctl/netctl.state}" -umask 077 - ### Logging/Error reporting @@ -72,6 +70,16 @@ do_debug() { "$@" } +## Evaluate with a permissive umask +do_readable() { + local result + umask 022 + "$@" + result=$? + umask 077 + return $result +} + ## Exit if we are not effectively root # $1: program name (optional) ensure_root() { @@ -126,4 +134,8 @@ load_profile() { } +# Set a restrictive umask +do_readable : + + # vim: ft=sh ts=4 et sw=4: @@ -27,7 +27,7 @@ dhcp_call() { resolvconf_add() { local interface="$1" shift - printf "%s\n" "$@" | resolvconf -a "$interface" + printf "%s\n" "$@" | do_readable resolvconf -a "$interface" } diff --git a/src/netctl.in b/src/netctl.in index 90be39e..b66cf71 100644 --- a/src/netctl.in +++ b/src/netctl.in @@ -109,6 +109,7 @@ unit_enable() { return 1 fi load_profile "$1" + do_readable touch "$unit" echo ".include @systemdsystemunitdir@/netctl@.service" > "$unit" echo -e "\n[Unit]" >> "$unit" [[ -n $Description ]] && echo "Description=$Description" >> "$unit" |