futurile/guix-play
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

shepherd: Set #o640 permissions for log file of service in container.

Browse Source 
* gnu/build/shepherd.scm (make-forkexec-constructor/container): Set #o640
permissions for log file.
This commit is contained in:
Arun Isaac 2022-08-23 22:53:41 +05:30
parent 162c7e1bc6
commit 3e866e24f0
No known key found for this signature in database
GPG Key ID: 2E25EE8B61802BB3
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gnu/build/shepherd.scm
View File

@ -2,6 +2,7 @@
;;; Copyright © 2017, 2018, 2019, 2020, 2022 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2020 Mathieu Othacehe <othacehe@gnu.org>
;;; Copyright © 2022 Leo Nikkilä <hello@lnikki.la>
;;; Copyright © 2022 Arun Isaac <arunisaac@systemreboot.net>
;;;
;;; This file is part of GNU Guix.
;;;
@ -186,7 +187,7 @@ namespace, in addition to essential bind-mounts such /proc."
(when log-file
;; Create LOG-FILE so we can map it in the container.
(unless (file-exists? log-file)
(call-with-output-file log-file (const #t))
(close (open log-file (logior O_CREAT O_APPEND O_CLOEXEC) #o640))
(when user
(let ((pw (getpwnam user)))
(chown log-file (passwd:uid pw) (passwd:gid pw))))))