From unknown Fri Aug 15 15:31:04 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#67867 <67867@debbugs.gnu.org> To: bug#67867 <67867@debbugs.gnu.org> Subject: Status: [PATCH shepherd] service: fix ownership+permissions on Unix sockets Reply-To: bug#67867 <67867@debbugs.gnu.org> Date: Fri, 15 Aug 2025 22:31:04 +0000 retitle 67867 [PATCH shepherd] service: fix ownership+permissions on Unix s= ockets reassign 67867 guix-patches submitter 67867 Ulrich Baum severity 67867 normal tag 67867 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Sun Dec 17 10:52:05 2023 Received: (at submit) by debbugs.gnu.org; 17 Dec 2023 15:52:06 +0000 Received: from localhost ([127.0.0.1]:58900 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rEtQz-0005rI-D8 for submit@debbugs.gnu.org; Sun, 17 Dec 2023 10:52:05 -0500 Received: from lists.gnu.org ([2001:470:142::17]:60300) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rErM0-0003a1-Sk for submit@debbugs.gnu.org; Sun, 17 Dec 2023 08:38:49 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rErLs-0002Vw-C5 for guix-patches@gnu.org; Sun, 17 Dec 2023 08:38:40 -0500 Received: from mout-p-101.mailbox.org ([2001:67c:2050:0:465::101]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1rErLZ-0005bR-LM for guix-patches@gnu.org; Sun, 17 Dec 2023 08:38:40 -0500 Received: from smtp1.mailbox.org (smtp1.mailbox.org [10.196.197.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-101.mailbox.org (Postfix) with ESMTPS id 4StPD46W3gz9sjT for ; Sun, 17 Dec 2023 14:38:12 +0100 (CET) Date: Sun, 17 Dec 2023 14:38:12 +0100 (CET) From: Ulrich Baum To: "guix-patches@gnu.org" Message-ID: <656849315.83800.1702820292582@office.mailbox.org> Subject: [PATCH shepherd] service: fix ownership+permissions on Unix sockets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Priority: 3 Importance: Normal Received-SPF: pass client-ip=2001:67c:2050:0:465::101; envelope-from=ulrich.baum@ubaum.de; helo=mout-p-101.mailbox.org X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.6 (/) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Sun, 17 Dec 2023 10:51:58 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.4 (/) Previously, ownership and permissions of AF_UNIX sockets created by make-inetd-constructor and make-systemd-constructor were not set, leaving the socket with root:root and 755 permissions. modules/shepherd/service.scm (endpoint->listening-socket): fix chown and chmod calls --- modules/shepherd/service.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index 41c6248..f22aaaf 100644 --- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm @@ -1867,8 +1867,8 @@ retrying to bind it in one second.") (listen sock backlog) (when (= AF_UNIX (sockaddr:fam address)) - (chown sock owner group) - (chmod sock #o666)) + (chown (sockaddr:path address) owner group) + (chmod (sockaddr:path address) #o666)) sock)))) -- 2.43.0 From debbugs-submit-bounces@debbugs.gnu.org Tue Dec 19 17:39:11 2023 Received: (at 67867-done) by debbugs.gnu.org; 19 Dec 2023 22:39:11 +0000 Received: from localhost ([127.0.0.1]:37797 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rFik3-0006D8-I0 for submit@debbugs.gnu.org; Tue, 19 Dec 2023 17:39:11 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:56224) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rFik1-0006Ct-5H for 67867-done@debbugs.gnu.org; Tue, 19 Dec 2023 17:39:10 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rFijs-0004gN-Fd; Tue, 19 Dec 2023 17:39:00 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=c8CKXnII4+SXXBrCZLKyX1QUyvcZxH/IkIjju8NpqQY=; b=orKYDpl+uqt1qSqNHG3D EDKtP4fjLkpyPIgvwa+AUlf4gRkaGiuy0AJAjWvRzGNB/1VF4mO01Z4GsIEp3OlLxx31eBkdk5mJn s6cnYCw/sQVe2npYjpISG05iAHMWOVQBgwlzekNA2q6cSIzJlwX9uYNBuy/Izv956lX24EjmCa/Ij C21fD0EwLUm4O0sV23ORJ5soBg2Vh1BlLSvb0g2ABkICC0urvQeo+g7hDuf+BVpkwdXvMOfrHXT9R v44UnMmfHpcOTjm4quZGB1PwGpSDWl3CqqGQapRXep3hlXwvmbzzjvy9j1zsF4EhiURESaelHjWgA HFVekSR0l7x0sg==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Ulrich Baum Subject: Re: bug#67867: [PATCH shepherd] service: fix ownership+permissions on Unix sockets In-Reply-To: <656849315.83800.1702820292582@office.mailbox.org> (Ulrich Baum's message of "Sun, 17 Dec 2023 14:38:12 +0100 (CET)") References: <656849315.83800.1702820292582@office.mailbox.org> Date: Tue, 19 Dec 2023 23:38:57 +0100 Message-ID: <87a5q5izr2.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 67867-done Cc: 67867-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Ulrich, Ulrich Baum skribis: > Previously, ownership and permissions of AF_UNIX sockets created by > make-inetd-constructor and make-systemd-constructor were not set, > leaving the socket with root:root and 755 permissions. > > modules/shepherd/service.scm (endpoint->listening-socket): fix chown and > chmod calls [...] > (when (=3D AF_UNIX (sockaddr:fam address)) > - (chown sock owner group) > - (chmod sock #o666)) > + (chown (sockaddr:path address) owner group) > + (chmod (sockaddr:path address) #o666)) Good catch! I was surprised that fchown(2) and fchmod(2) silently did nothing, but that=E2=80=99s how it is. Pushed together with a test, which allowed me to find a related bug (more serious, because it=E2=80=99s about permissions on the socket=E2=80= =99s directory): 9dfeb4e support: =E2=80=98mkdir-p=E2=80=99 sets permissions when director= y already exists. f5b7411 service: Really set ownership and permissions on Unix sockets. (BTW, I have just renamed =E2=80=98master=E2=80=99 to =E2=80=98main=E2=80= =99, but =E2=80=98master=E2=80=99 hasn=E2=80=99t been deleted yet from the server; make sure to pick =E2=80=98main=E2=80=99 and a= djust your Git config.) Thanks, Ludo=E2=80=99. From unknown Fri Aug 15 15:31:04 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Wed, 17 Jan 2024 12:24:14 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator