From 7c21dc556222634b2f4f5cd26c4137e7b59ee643 Mon Sep 17 00:00:00 2001 From: Gordon Hecker Date: Wed, 22 Apr 2009 17:09:11 +0200 Subject: [PATCH] enforce umask 0022 when doing work in chroot Signed-off-by: Gordon Hecker --- local/e2build.lua | 15 +++++++++++++++ local/e2tool.lua | 28 ++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/local/e2build.lua b/local/e2build.lua index c403563..ce9591d 100644 --- a/local/e2build.lua +++ b/local/e2build.lua @@ -224,7 +224,9 @@ function e2build.setup_chroot(info, r, return_flags) -- e2-su set_permissions_2_3 local args = string.format("set_permissions_2_3 '%s'", res.build_config.base) + e2tool.set_umask(info) local rc, re = e2lib.e2_su_2_2(args) + e2tool.reset_umask(info) if not rc then return false, e:cat(re) end @@ -254,7 +256,9 @@ function e2build.setup_chroot(info, r, return_flags) -- e2-su extract_tar_2_3 local args = string.format("extract_tar_2_3 '%s' '%s' '%s'", res.build_config.base, tartype, path) + e2tool.set_umask(info) local rc, re = e2lib.e2_su_2_2(args) + e2tool.reset_umask(info) if not rc then return false, e:cat(re) end @@ -277,7 +281,9 @@ function e2build.enter_playground(info, r, chroot_command) local cmd = string.format("%s %s chroot_2_3 '%s' %s", res.build_config.chroot_call_prefix, e2_su, res.build_config.base, chroot_command) + e2tool.set_umask(info) os.execute(cmd) + e2tool.reset_umask(info) -- return code depends on user commands. Ignore. return true, nil end @@ -289,13 +295,17 @@ function e2build.fix_permissions(info, r, return_flags) e2lib.log(3, "fix permissions") local args = string.format("chroot_2_3 '%s' chown -R root:root '%s'", res.build_config.base, res.build_config.Tc) + e2tool.set_umask(info) rc, re = e2lib.e2_su_2_2(args) + e2tool.reset_umask(info) if not rc then return false, e:cat(re) end local args = string.format("chroot_2_3 '%s' chmod -R u=rwX,go=rX '%s'", res.build_config.base, res.build_config.Tc) + e2tool.set_umask(info) rc, re = e2lib.e2_su_2_2(args) + e2tool.reset_umask(info) if not rc then return false, e:cat(re) end @@ -332,7 +342,9 @@ function e2build.runbuild(info, r, return_flags) out:write(output) out:flush() end + e2tool.set_umask(info) local rc = e2lib.callcmd_capture(cmd, logto) + e2tool.reset_umask(info) out:close() if rc ~= 0 then -- XXX e2hook.run_hook(c.info, "build-failure", c, "e2-build") @@ -351,7 +363,9 @@ function e2build.chroot_cleanup(info, r, return_flags) return true, nil end local args = string.format("remove_chroot_2_3 '%s'", res.build_config.base) + e2tool.set_umask(info) local rc, re = e2lib.e2_su_2_2(args) + e2tool.reset_umask(info) if not rc then return e:cat(re) end @@ -1097,3 +1111,4 @@ function e2build.collect_project(info, r, return_flags) end return true, nil end + diff --git a/local/e2tool.lua b/local/e2tool.lua index 776ccb1..b5c4c14 100644 --- a/local/e2tool.lua +++ b/local/e2tool.lua @@ -271,6 +271,11 @@ function e2tool.collect_project_info(path) local e = new_error("reading project configuration") local info = {} + + -- set the umask value to be used in chroot + info.chroot_umask = 18 -- 0022 octal + e2tool.init_umask(info) + info.root, re = e2lib.locate_project_root(path) if not info.root then return false, e:append("you are not located in a project directory") @@ -2375,3 +2380,26 @@ function e2tool.load_result_config(info) end return true, nil end + +--- set umask to value used for build processes +-- @param info +function e2tool.set_umask(info) + e2lib.logf(4, "setting umask to %04o", info.chroot_umask) + e2util.umask(info.chroot_umask) +end + +-- set umask back to the value used on the host +-- @param info +function e2tool.reset_umask(info) + e2lib.logf(4, "setting umask to %04o", info.host_umask) + e2util.umask(info.host_umask) +end + +-- initialize the umask set/reset mechanism (i.e. store the host umask) +-- @param info +function e2tool.init_umask(info) + -- save the umask value we run with + info.host_umask = e2util.umask(022); + -- restore the previous umask value again + e2util.umask(info.host_umask); +end -- 2.39.5