GNU bug report logs -
#54309
[PATCH] services: auditd: use exclusive log directory for auditd
Message #59 received at 54309 <at> debbugs.gnu.org (full text, mbox):
On 3/20/22 12:09 AM, Maxime Devos wrote:
> Liliana Marie Prikler schreef op vr 18-03-2022 om 23:36 [+0100]:
>>> +(define (auditd-activation config)
>>> + (with-imported-modules '((guix build utils))
>>> + #~(begin
>>> + (use-modules (guix build utils))
>>> + (let ((var-log-audit "/var/log/audit"))
>>> + (umask #o077)
>>> + (mkdir-p var-log-audit)))))
>>> +
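Review bot: `(umask #o077)` in the `let` body is set and never restored, so the restrictive mask applies to any parent directory that `mkdir-p` has to create and to whatever runs after this gexp in the same process. Consider saving the previous mask and restoring it right after the `mkdir-p` call, or dropping the umask change and setting the mode on `var-log-audit` explicitly with `(chmod var-log-audit #o700)`, which also tightens a directory that already exists with looser permissions. The `config` argument is not used in the lines shown.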
>> This would also apply umask 077 to /var and /var/log if those don't
>> already exist. More importantly, code executed after that will also
>> inherit the umask, which I don't think is the intended consequence.
>
> More concretely, the procedure 'mkdir-p/perms' would address the umask
> issue, but not the potential ‘oops too restrictive permissions for /var
> and /var/log’ issue.
Ok, I can assume that a future version of 'mkdir-p/perms' will handle the
umask.
Should the activation now handle potential permission problems from past
activations and auditd starts? Can you try to explain in more detail
please?
BR
This bug report was last modified 3 years and 85 days ago.