GNU bug report logs - #54309
[PATCH] services: auditd: use exclusive log directory for auditd

Previous Next

Package: guix-patches;

Reported by: fesoj000 <fesoj000 <at> gmail.com>

Date: Wed, 9 Mar 2022 19:22:02 UTC

Severity: normal

Tags: patch

Full log

View this message in rfc822 format

From: Maxime Devos <maximedevos <at> telenet.be>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>, fesoj000 <fesoj000 <at> gmail.com>, 54309 <at> debbugs.gnu.org
Subject: [bug#54309] What is the process from here?
Date: Sun, 20 Mar 2022 00:09:52 +0100

[Message part 1 (text/plain, inline)]
Liliana Marie Prikler schreef op vr 18-03-2022 om 23:36 [+0100]:
> > +(define (auditd-activation config)
> > +  (with-imported-modules '((guix build utils))
> > +    #~(begin
> > +        (use-modules (guix build utils))
> > +        (let ((var-log-audit "/var/log/audit"))
> > +          (umask #o077)
> > +          (mkdir-p var-log-audit)))))
> > +
> This would also apply umask 077 to /var and /var/log if those don't
> already exist.  More importantly, code executed after that will also
> inherit the umask, which I don't think is the intended consequence.

More concretely, the procedure 'mkdir-p/perms' would address the umask
issue, but not the potential ‘oops too restrictive permissions for /var
and /var/log' issue.  Additionally, as var-log-audit is only used in a
single place, you could simplify to

  #~(begin
      (use-modules ...)
      (mkdir-p/perms "/var/log/audit"))

here.

Greetings,
Maxime.

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 3 years and 85 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.