diff options
author | Prasanna Kumar Kalever <prasanna.kalever@redhat.com> | 2020-05-29 18:31:21 +0530 |
---|---|---|
committer | Prasanna Kumar Kalever <prasanna.kalever@redhat.com> | 2020-05-29 18:40:03 +0530 |
commit | e347f7ea20547052e8fc1b65cba5e3f3ef2bf3d8 (patch) | |
tree | ce5a63643d0812ee6fac0a66963ee5383be509c1 /daemon/targetclid | |
parent | bab9fc16236c4aceade31e95327bc7b493bb157a (diff) | |
download | targetcli-e347f7ea20547052e8fc1b65cba5e3f3ef2bf3d8.tar.gz |
uds: set right permissions at bind() time
We fixed it earlier with commit 6e4f39357a90a914d11bac21cc2d2b52c07c213d
but that fixes the issue when someone run the targetclid with systemd
only.
If we don't use targetclid.socket and want to run `targetclid` from
command line, then socket.bind() will create the file with default
permissions.
Hence its good if we can guard the permissions right at the time of .bind()
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Diffstat (limited to 'daemon/targetclid')
-rwxr-xr-x | daemon/targetclid | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/daemon/targetclid b/daemon/targetclid index 329cede..9bf8ae7 100755 --- a/daemon/targetclid +++ b/daemon/targetclid @@ -28,6 +28,7 @@ from threading import Thread import os import sys +import stat import socket import struct import fcntl @@ -238,12 +239,17 @@ def main(): # save socket so a signal can clea it up to.sock = sock + mode = stat.S_IRUSR | stat.S_IWUSR # 0o600 + umask = 0o777 ^ mode # Prevents always downgrading umask to 0 + umask_original = os.umask(umask) # Bind the socket path try: sock.bind(to.socket_path) except socket.error as err: to.display(to.render(err.strerror, 'red')) sys.exit(1) + finally: + os.umask(umask_original) # Listen for incoming connections try: |