
qubes/log: ensure logs are group writable

/var/log/qubes directory has setgid set, so all the files will be owned
by qubes group (that's ok), but there is no enforcement of creating it
group writable, which undermines group ownership (logs created by root
would not be writable by normal user)

QubesOS/qubes-issues#2412
Marek Marczykowski-Górecki 7 years ago
Parent
Commit
91727389c4
1 changed file with 6 additions and 2 deletions

+ 6 - 2
qubes/log.py

@@ -127,8 +127,12 @@ def get_vm_logger(vmname):
     logger = logging.getLogger('vm.' + vmname)
     if logger.handlers:
         return logger
-    handler = logging.FileHandler(
-        os.path.join(LOGPATH, 'vm-{}.log'.format(vmname)))
+    old_umask = os.umask(0o007)
+    try:
+        handler = logging.FileHandler(
+            os.path.join(LOGPATH, 'vm-{}.log'.format(vmname)))
+    finally:
+        os.umask(old_umask)
     handler.setFormatter(formatter_log)
     logger.addHandler(handler)
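
Review bot: the `os.umask(0o007)` wrapped around `logging.FileHandler(...)` only takes effect when the file is created, so a `vm-{}.log` that already exists (for example one created by root before this change) keeps its old mode and stays non-group-writable. Consider setting the mode explicitly once the handler has opened the file, e.g. `os.fchmod(handler.stream.fileno(), 0o660)` with handling for the case where the caller does not own the file, or fixing up existing files once at install time. Two smaller points: `os.umask` is process-wide, so any other thread that creates a file between the two `umask` calls also gets 0o007; and 0o007 additionally removes all access for others, which goes beyond the group-writable goal in the commit message and deserves a short comment next to the call.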