From 3e866e24f05e7e60cbd56a6240cdd2efede6eb4c Mon Sep 17 00:00:00 2001
From: Arun Isaac
Date: Tue, 23 Aug 2022 22:53:41 +0530
Subject: [PATCH] shepherd: Set #o640 permissions for log file of service in container.

* gnu/build/shepherd.scm (make-forkexec-constructor/container): Set #o640 permissions for log file.
---
 gnu/build/shepherd.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm
index f4caefce3c..9d9bfcfbc0 100644
--- a/gnu/build/shepherd.scm
+++ b/gnu/build/shepherd.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2017, 2018, 2019, 2020, 2022 Ludovic Courtès
 ;;; Copyright © 2020 Mathieu Othacehe
 ;;; Copyright © 2022 Leo Nikkilä
+;;; Copyright © 2022 Arun Isaac
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -186,7 +187,7 @@ namespace, in addition to essential bind-mounts such /proc."
 (when log-file
 ;; Create LOG-FILE so we can map it in the container.
 (unless (file-exists? log-file)
- (call-with-output-file log-file (const #t))
+ (close (open log-file (logior O_CREAT O_APPEND O_CLOEXEC) #o640))
 (when user
 (let ((pw (getpwnam user)))
 (chown log-file (passwd:uid pw) (passwd:gid pw))))))
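Review bot: The `#o640` mode on the new `open` call in the second hunk applies only when the file is created, so a log file that already exists skips the `unless (file-exists? log-file)` body and keeps whatever permissions it had, possibly world-readable if it was made by the replaced `call-with-output-file` line. If the intent is that these service logs are never world-readable, an explicit `(chmod log-file #o640)` placed after the `unless` form would cover existing files as well, at the cost of overriding a mode an administrator set by hand. Separately, `file-exists?` and `open` are two distinct steps and the unchanged `chown` then acts on the same path, so adding `O_EXCL` to the `logior` flags would make creation fail rather than reuse a path that appeared in between; whether that matters depends on who can write to the log directory, which is not visible here. The body of `make-forkexec-constructor/container` starts and ends outside this hunk.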