Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Set umask before possibly creating new files - make them group-writable

Browse Source
This commit is contained in:
Marek Marczykowski 2013-05-20 01:30:48 +02:00 committed by Marek Marczykowski-Górecki
parent b3af858502
commit 25ee58217d
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
core-modules/000QubesVm.py
View File

@ -1137,9 +1137,11 @@ class QubesVm(object):
domain_config = conf_template.format(**template_params) domain_config = conf_template.format(**template_params)
# FIXME: This is only for debugging purposes # FIXME: This is only for debugging purposes
old_umask = os.umask(002)
conf_appvm = open(file_path, "w") conf_appvm = open(file_path, "w")
conf_appvm.write(domain_config) conf_appvm.write(domain_config)
conf_appvm.close() conf_appvm.close()
os.umask(old_umask)
return domain_config return domain_config
@ -1151,6 +1153,7 @@ class QubesVm(object):
if dry_run: if dry_run:
return return
old_umask = os.umask(002)
if verbose: if verbose:
print >> sys.stderr, "--> Creating directory: {0}".format(self.dir_path) print >> sys.stderr, "--> Creating directory: {0}".format(self.dir_path)
os.mkdir (self.dir_path) os.mkdir (self.dir_path)
@ -1198,6 +1201,8 @@ class QubesVm(object):
print >> sys.stderr, "--> Creating icon symlink: {0} -> {1}".format(self.icon_path, self.label.icon_path) print >> sys.stderr, "--> Creating icon symlink: {0} -> {1}".format(self.icon_path, self.label.icon_path)
os.symlink (self.label.icon_path, self.icon_path) os.symlink (self.label.icon_path, self.icon_path)
os.umask(old_umask)
# fire hooks # fire hooks
for hook in self.hooks_create_on_disk: for hook in self.hooks_create_on_disk:
hook(self, verbose, source_template=source_template) hook(self, verbose, source_template=source_template)
@ -1398,14 +1403,13 @@ class QubesVm(object):
tree = lxml.etree.ElementTree(root) tree = lxml.etree.ElementTree(root)
try: try:
f = open(self.firewall_conf, 'a') # create the file if not exist old_umask = os.umask(002)
f.close()
with open(self.firewall_conf, 'w') as f: with open(self.firewall_conf, 'w') as f:
fcntl.lockf(f, fcntl.LOCK_EX) fcntl.lockf(f, fcntl.LOCK_EX)
tree.write(f, encoding="UTF-8", pretty_print=True) tree.write(f, encoding="UTF-8", pretty_print=True)
fcntl.lockf(f, fcntl.LOCK_UN) fcntl.lockf(f, fcntl.LOCK_UN)
f.close() f.close()
os.umask(old_umask)
except EnvironmentError as err: except EnvironmentError as err:
print >> sys.stderr, "{0}: save error: {1}".format( print >> sys.stderr, "{0}: save error: {1}".format(
os.path.basename(sys.argv[0]), err) os.path.basename(sys.argv[0]), err)

2
core-modules/003QubesTemplateVm.py
View File

@ -162,11 +162,13 @@ class QubesTemplateVm(QubesVm):
if os.path.exists (self.rootcow_img): if os.path.exists (self.rootcow_img):
os.rename (self.rootcow_img, self.rootcow_img + '.old') os.rename (self.rootcow_img, self.rootcow_img + '.old')
old_umask = os.umask(002)
f_cow = open (self.rootcow_img, "w") f_cow = open (self.rootcow_img, "w")
f_root = open (self.root_img, "r") f_root = open (self.root_img, "r")
f_root.seek(0, os.SEEK_END) f_root.seek(0, os.SEEK_END)
f_cow.truncate (f_root.tell()) # make empty sparse file of the same size as root.img f_cow.truncate (f_root.tell()) # make empty sparse file of the same size as root.img
f_cow.close () f_cow.close ()
f_root.close() f_root.close()
os.umask(old_umask)
register_qubes_vm_class(QubesTemplateVm) register_qubes_vm_class(QubesTemplateVm)