diff options
author | Alexander Larsson <alexl@redhat.com> | 2016-01-22 12:21:49 +0100 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2016-01-22 12:21:49 +0100 |
commit | 62c0d3ad3ded4b0a0bd7aa70913d41e191b2eabd (patch) | |
tree | 662cc18f61837de4e987f4ed569e824bfe2b336e /app | |
parent | 03905e181a11be8050f50ec7afa47f006c299e72 (diff) | |
download | xdg-app-62c0d3ad3ded4b0a0bd7aa70913d41e191b2eabd.tar.gz |
build-export: Never export files you can't read
It makes no sense to have these in a runtime or an app, it just
causes issues.
Diffstat (limited to 'app')
-rw-r--r-- | app/xdg-app-builtins-build-export.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/app/xdg-app-builtins-build-export.c b/app/xdg-app-builtins-build-export.c index 83f9f28..d5e0f5c 100644 --- a/app/xdg-app-builtins-build-export.c +++ b/app/xdg-app-builtins-build-export.c @@ -135,15 +135,18 @@ commit_filter (OstreeRepo *repo, GFileInfo *file_info, CommitData *commit_data) { - guint current_mode; + guint mode; /* No user info */ g_file_info_set_attribute_uint32 (file_info, "unix::uid", 0); g_file_info_set_attribute_uint32 (file_info, "unix::gid", 0); + mode = g_file_info_get_attribute_uint32 (file_info, "unix::mode"); /* No setuid */ - current_mode = g_file_info_get_attribute_uint32 (file_info, "unix::mode"); - g_file_info_set_attribute_uint32 (file_info, "unix::mode", current_mode & ~07000); + mode = mode & ~07000; + /* All files readable */ + mode = mode | 0444; + g_file_info_set_attribute_uint32 (file_info, "unix::mode", mode); if (matches_patterns (commit_data->exclude, path) && !matches_patterns (commit_data->include, path)) |