namespace: make tmp dir handling code independent of umask too

Let's make all code in namespace.c robust towards weird umask. This doesn't matter too much given that the parent dirs we deal here almost certainly exist anyway, but let's clean this up anyway and make it fully clean.
author: Lennart Poettering <lennart@poettering.net> 2021-11-12 11:16:02 +0100
committer: Lennart Poettering <lennart@poettering.net> 2021-11-12 16:02:22 +0100
commit: 30443439274cc223583c6c57f7d9041e440e346f (patch)
tree: 33810901783cd4cf3da4a5a3a3cc6af9eb16c3ad
parent: cdf42f9bd40ff21a67d58b948efea055d56ad398 (diff)
download: systemd-30443439274cc223583c6c57f7d9041e440e346f.tar.gz
1 files changed, 7 insertions, 5 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 2239bbfb8a..c01975b9de 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -2508,7 +2508,8 @@ static int make_tmp_prefix(const char *prefix) {
         if (errno != ENOENT)
                 return -errno;
 
-        r = mkdir_parents(prefix, 0755);
+        RUN_WITH_UMASK(000)
+                r = mkdir_parents(prefix, 0755);
         if (r < 0)
                 return r;
 
@@ -2516,7 +2517,8 @@ static int make_tmp_prefix(const char *prefix) {
         if (r < 0)
                 return r;
 
-        if (mkdir(t, 0777) < 0)
+        if (mkdir(t, 0777) < 0) /* umask will corrupt this access mode, but that doesn't matter, we need to
+                                 * call chmod() anyway for the suid bit, below. */
                 return -errno;
 
         if (chmod(t, 01777) < 0) {
@@ -2574,10 +2576,9 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch
                 if (!y)
                         return -ENOMEM;
 
-                RUN_WITH_UMASK(0000) {
+                RUN_WITH_UMASK(0000)
                         if (mkdir(y, 0777 | S_ISVTX) < 0)
                                     return -errno;
-                }
 
                 r = label_fix_container(y, prefix, 0);
                 if (r < 0)
@@ -2589,7 +2590,8 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch
                 /* Trouble: we failed to create the directory. Instead of failing, let's simulate /tmp being
                  * read-only. This way the service will get the EROFS result as if it was writing to the real
                  * file system. */
-                r = mkdir_p(RUN_SYSTEMD_EMPTY, 0500);
+                RUN_WITH_UMASK(0000)
+                        r = mkdir_p(RUN_SYSTEMD_EMPTY, 0500);
                 if (r < 0)
                         return r;
author	Lennart Poettering <lennart@poettering.net>	2021-11-12 11:16:02 +0100
committer	Lennart Poettering <lennart@poettering.net>	2021-11-12 16:02:22 +0100
commit	30443439274cc223583c6c57f7d9041e440e346f (patch)
tree	33810901783cd4cf3da4a5a3a3cc6af9eb16c3ad
parent	cdf42f9bd40ff21a67d58b948efea055d56ad398 (diff)
download	systemd-30443439274cc223583c6c57f7d9041e440e346f.tar.gz